Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'64 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'ahn0x' 
b'libcurl FTP path normalization flaw allows decoded %2e%2e CWD .. and directory escape (Path Traversal, CWE-22)'
11 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'skymander' 
b'Hash exposed in public repository'
11 Nov 2025 timeline
b'Basecamp' disclosed a bug submitted by b'fr4via' 
b'Two click Account Takeover '
11 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'tomar-re' 
b'Command Injection - CRITICISM'
11 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'rootsecret3' 
b'Silent TLS Trust Model Hijacking via `CURL_CA_BUNDLE` Environment Variable Leads to MITM'
11 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'rootsecret3' 
b'Arbitrary Configuration File Inclusion: via External Control of File Name or Path'
10 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'haider790h' 
b'SMTP CRLF Injection in curl/libcurl via MAIL FROM/RCPT TO parameters'
10 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'jiyong' 
b'libcurl MQTT `CURLOPT_POSTFIELDSIZE_LARGE` overflow leads to immediate DoS'
10 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'biswarup_das' 
b'Unsafe use of strcpy in Curl_ldap_err2string (packages/OS400/os400sys.c) stack-buffer-overflow (PoC + ASan)'
10 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'bau1u' 
b'SMTP CRLF Command Injection in CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT'
10 Nov 2025 timeline
b'lemlist' disclosed a bug submitted by b'mcdave' 
b'Unauthorized Password Reset Allows Account Takeover Across Tenant Boundaries'
07 Nov 2025 timeline
b'Lovable VDP' disclosed a bug submitted by b'anxioussick' 
b'Low-privileged user can enable or disable Lovable AI for new projects in workspace'
07 Nov 2025 timeline
b'Django' disclosed a bug submitted by b'cyberstan' 
b'SQL Injection in Django ORM via Unvalidated `_connector` in Q Objects'
06 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'giant_anteater' 
b'CVE-2025-10966: missing SFTP host verification with wolfSSH'
05 Nov 2025 timeline
b'Lovable VDP' disclosed a bug submitted by b'd0maxploit' 
b'Improper Authorization Leads to Editor can toggle admin-only workspace features (Lovable AI)'
04 Nov 2025 timeline
b'Lovable VDP' disclosed a bug submitted by b'd0maxploit' 
b'Improper Authorization Leads to Editor can toggle admin-only workspace features (Lovable Cloud)'
04 Nov 2025 timeline
b'Mozilla' disclosed a bug submitted by b'xhacking_z' 
b'Microsoft `x-apikey` Exposed in Mozilla CI Public Logs'
03 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'hackerpllim' 
b'HackerOne'
03 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'hackerpllim' 
b'Hi Hacker'
03 Nov 2025 timeline
1 2 3 ... 742
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM