Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'62 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'giant_anteater' 
b'OpenSSL backend: X509 peer certificate not freed in ossl_get_channel_binding causes per-request memory leak (DoS risk for long-lived clients)'
08 Oct 2025 timeline
b'Omise' disclosed a bug submitted by b'mantu1738' 
b'Pending invites remain valid even after the inviter is removed.'
08 Oct 2025 timeline
b'SingleStore' disclosed a bug submitted by b'4x4' 
b'Exceeding the limit of Workspaces via Race Condition'
06 Oct 2025 timeline
b'curl' disclosed a bug submitted by b'donutshunter' 
b'Unsanitized IPFS CID Allows SSRF Against Configured Gateway'
03 Oct 2025 timeline
b'Rockstar Games' disclosed a bug submitted by b'gavinmartinwv' 
b'Access to the personal emails of Rockstar Support agents through the support platform'
02 Oct 2025 timeline
b'curl' disclosed a bug submitted by b'leftyha' 
b'AWS SigV4 Signature Disclosure via Verbose Logging in libcurl'
01 Oct 2025 timeline
b'Cloudflare Public Bug Bounty' disclosed a bug submitted by b'null_smashmaster0045' 
b"`use-mcp`'s oauth2 process uses a window.open call with untrusted mcp server provided data allowing for code execution under the page using it"
30 Sep 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'farhad0x1' 
b'Information Exposure Through Directory Listing'
29 Sep 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'farhad0x1' 
b'Email not verified when changing afterwards on apps.nextcloud.com'
29 Sep 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'farhad0x1' 
b' Exposing debug.log file leads to server full path disclosure'
29 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'giant_anteater' 
b'SMTP Command Injection Vulnerabilities in curl'
26 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'z3r0yu' 
b'Inconsistent URL Parsing in curl Leading to Potential SSRF and Access Control Bypass'
26 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'giant_anteater' 
b'Race condition on global `gss_context` during SOCKS5 GSS-API negotiation in libcurl'
26 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'giant_anteater' 
b'Use-after-free when POST body buffer is freed before transfer'
26 Sep 2025 timeline
b'Informatica' disclosed a bug submitted by b'admin097' 
b'XSS1'
24 Sep 2025 timeline
b'GitHub' disclosed a bug submitted by b'furbreeze' 
b'Arbitrary Read of Another Users private repository without Authorization'
23 Sep 2025 timeline
b'Insightly' disclosed a bug submitted by b'xploiterr' 
b'Stored XSS via LINK Name.'
23 Sep 2025 timeline
b'Kubernetes' disclosed a bug submitted by b'ian' 
b'elections.k8s.io uses weak session secret key, may place elections at risk'
19 Sep 2025 timeline
b'Insightly' disclosed a bug submitted by b'khaledx' 
b'Stored XSS in Email Notifcation '
19 Sep 2025 timeline
1 2 3 ... 739
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM