Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Node.js' disclosed a bug submitted by b'0xmaxhax' 
b'TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak'
12 Feb 2026 timeline
b'Node.js' disclosed a bug submitted by b'winfunc' 
b'Node.js permission model bypass via unchecked Unix Domain Socket connections (UDS)'
12 Feb 2026 timeline
b'Node.js' disclosed a bug submitted by b'aaron_vercel' 
b'Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers'
12 Feb 2026 timeline
b'Node.js' disclosed a bug submitted by b'giant_anteater' 
b'Memory leak that enables remote Denial of Service against applications processing TLS client certificates'
12 Feb 2026 timeline
b'Node.js' disclosed a bug submitted by b'chalker' 
b'Timeout-based race conditions make Uint8Array/Buffer.alloc non-zerofilled'
12 Feb 2026 timeline
b'Node.js' disclosed a bug submitted by b'natann' 
b'FS Permissions Bypass'
12 Feb 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'se1en' 
b'Mail stored HTML injection in subject text'
12 Feb 2026 timeline
b'Omise' disclosed a bug submitted by b'alitoni224' 
b'Cache Pollution via Unkeyed GET Parameters on www.omise.co'
11 Feb 2026 timeline
b'AWS VDP' disclosed a bug submitted by b'aneeeketh' 
b'Unlimited Reuse of Coupon Code Allows Free Shipping on All Orders on '
09 Feb 2026 timeline
b'Django' disclosed a bug submitted by b'sy2n0' 
b'ASGIRequest header concatenation quadratic CPU DoS on Django via repeated headers leads to worker exhaustion'
09 Feb 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'se1en' 
b'WebAuthn app was updated based on public key'
06 Feb 2026 timeline
b'curl' disclosed a bug submitted by b'pajarori' 
b'MQTT Protocol Packet Injection via Unchecked CONNACK Remaining Length'
05 Feb 2026 timeline
b'Django' disclosed a bug submitted by b'stackered' 
b'User enumeration via timing attack in Django mod_wsgi authentication backend leads to account discovery'
04 Feb 2026 timeline
b'GoCD' disclosed a bug submitted by b'aigirl' 
b'Information Disclosure via Logback Configuration Injection in GoCD Agent'
04 Feb 2026 timeline
b'LinkedIn' disclosed a bug submitted by b'allenjo' 
b'Previous commentor on post can still comment even after comment permission is changed to disabled'
03 Feb 2026 timeline
b'LinkedIn' disclosed a bug submitted by b'minex627' 
b'Improper Access Control - Access to "Active Hiring" (Premium feature) filter results '
03 Feb 2026 timeline
b'ExpressionEngine' disclosed a bug submitted by b'fed01k' 
b'SQL injection in structure plugin'
26 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'playerofficial19' 
b'wcurl Argument Injection via Unquoted Variable'
26 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'f_i_h' 
b'Integer Underflow in src/var.c'
26 Jan 2026 timeline
1 2 3 ... 752
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM