Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'65 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Cloudflare Public Bug Bounty' disclosed a bug submitted by b'matured_kazama' 
b'Second-Order XSS via javascript protocol in MCP Server Portal Apps leads to ATO'
16 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'the-pink-panther' 
b'Heap Overflow in cURL AmigaOS Socket Implementation'
16 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'the-pink-panther' 
b'Curl Alt-Svc Parser Stack Buffer Overflow'
16 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'ba5' 
b'Path Traversal Bypass in file:// URLs Due to Incomplete URL-Encoded Path Normalization'
15 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'qqqqqqqqqqqqqqqq' 
b'testing hackerone functions'
13 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'sy2n0' 
b'Denial of Service (DoS) vulnerability in dedotdotify() URL path normalization'
13 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'mlgzackfly' 
b'Buffer Overflow in cURL Internal printf Function'
12 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'kelsier' 
b'Terminal Output Not Great'
11 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'4bccc' 
b'Certificate Hostname Validation Bypass via Leading Dot in Hostname'
09 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'lm3alm' 
b'Stack Buffer Overflow in cURL wolfSSL Backend (lib/vtls/wolfssl.c)'
09 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'nyymi' 
b'curl built with GnuTLS backend defaults to weak crypto parameters'
08 Dec 2025 timeline
b'Enjin' disclosed a bug submitted by b'pwnie' 
b'Unauthenticated GraphQL access by prepending __schema to private operations'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'aptroom' 
b'Stored XSS Vulnerability via SVG File'
05 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'rootx1337' 
b'Title: Use-After-Free in cURL Test Suite via Improper Cleanup of Global Handle'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'klipz' 
b'admin_audit does not log actions on files in a group folder'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Deck app allowed user with "Can share" permission to modify permissions of other non-owners'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Calendar app allowed booking appointments without the generated token'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Calendar attachments of local files are offered to downloaded'
05 Dec 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'daroo' 
b'Missing ownership check in Tables app allows moving columns into tables of other users'
05 Dec 2025 timeline
1 2 3 ... 745
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM