Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'64 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Enjin' disclosed a bug submitted by b'pwnie' 
b'Unauthenticated GraphQL access by prepending __schema to private operations'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'aptroom' 
b'Stored XSS Vulnerability via SVG File'
05 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'rootx1337' 
b'Title: Use-After-Free in cURL Test Suite via Improper Cleanup of Global Handle'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'klipz' 
b'admin_audit does not log actions on files in a group folder'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Deck app allowed user with "Can share" permission to modify permissions of other non-owners'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Calendar app allowed booking appointments without the generated token'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Calendar attachments of local files are offered to downloaded'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Missing ownership check in Tables app allows moving columns into tables of other users'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Tables app allowed users to view columns metadata information of any table'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Participants were able to blindly delete poll drafts of other users by ID'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'0x0doteth' 
b'Approval app allows users to request approval for other users file '
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'0x0doteth' 
b' Nextcloud Tables v1 Share Enumeration Without Authorization (Regression of CVE-2024-52507)'
05 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'anonymous_237' 
b'SMTP Protocol Injection via CRLF in CURLOPT_MAIL_FROM leading to Email Spoofing'
04 Dec 2025 timeline
b'Django' disclosed a bug submitted by b'stackered' 
b'Potential SQL Injection when annotating FilteredRelation on PostgreSQL'
02 Dec 2025 timeline
b'Stripo Inc' disclosed a bug submitted by b'odaysec' 
b'[my.stripo.email] Blind SSRF Vulnerability in Stripo App Export via Missing Endpoints Export Email Message to Zapier'
01 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'quello_stanco' 
b'Path Traversal in file:// protocol allows Arbitrary File Read'
01 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'helspy' 
b'Heap Buffer Overflow in TFTP'
01 Dec 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'kassem_s94' 
b'Username Validation Bypass'
26 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'kak1' 
b'Infinite loop issue in the state machine of the curl project'
26 Nov 2025 timeline
1 2 3 ... 745
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM