Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'62 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'jfhgdsjkf' 
b'Security Analysis Report: CURL Integer Overflow Vulnerability'
18 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'smiliesandco' 
b'int overflow in krb5_read_data() leads to (possible) massive `recv()` write'
18 Sep 2025 timeline
b'Bykea' disclosed a bug submitted by b'sameer_ali' 
b'Critical Information Disclosure via /talos/api/v1/files/upload'
17 Sep 2025 timeline
b'Shopify' disclosed a bug submitted by b'fr4via' 
b'URL Scheme Validation Bypass in Shopify Mobile App Allows Javascript Execution'
17 Sep 2025 timeline
b'Shopify' disclosed a bug submitted by b'ahmednasr1' 
b'GraphQL Introspection Enabled on Shopify API Endpoint (Intended Behavior)'
17 Sep 2025 timeline
b'Bykea' disclosed a bug submitted by b'sameer_ali' 
b'MongoDB Query Logs & Schema Leak via Unauthenticated Endpoint'
17 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'batuhanilgarr' 
b'Stack Buffer Overflow in cURL Cookie Parsing Leads to RCE'
16 Sep 2025 timeline
b'Django' disclosed a bug submitted by b'eyalsec' 
b'SQL Injection when using FilteredRelation'
15 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'anony_gaku' 
b'Multiple Unsafe strcpy() Function Calls Leading to Potential Buffer Overflow Vulnerabilities in cURL 8.16.1-DEV'
14 Sep 2025 timeline
b'Insulet Corporation' disclosed a bug submitted by b'mechatech84' 
b'DOM XSS on www.omnipod.com/freedom/birthdate-confirmation and www.omnipod.com/pif/thanks-freedom'
13 Sep 2025 timeline
b'WordPress' disclosed a bug submitted by b'maxbr3n404' 
b'Pivilege escalation of any new user to Keymaster caused by CSRF'
13 Sep 2025 timeline
b'Django' disclosed a bug submitted by b'eyalsec' 
b'SQL injection in JSONField KeyTransform'
12 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'0xrey' 
b'TOCTOU Race Condition in HTTP/2 Connection Reuse Leads to Certificate Validation Bypass'
11 Sep 2025 timeline
b'TikTok' disclosed a bug submitted by b'eneri' 
b'Chained Broken Access Control in TikTok Live Backstage Enables Full Control of Public Leaderboard Activities'
11 Sep 2025 timeline
b'TikTok' disclosed a bug submitted by b'ahmed_xyz' 
b"Stored XSS on TikTok's backend leads to the leakage of highly sensitive administrator data (Cookies, API Keys, Internal Paths, Emails, phone numbers)."
11 Sep 2025 timeline
b'Khan Academy' disclosed a bug submitted by b'meowsint' 
b'337k users and 1 employee leaked credentials'
10 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'bigsleep' 
b'CVE-2025-9086: Out of bounds read for cookie path'
10 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'cruocco' 
b'CVE-2025-10148: predictable WebSocket mask'
10 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'mohmed_shoukry' 
b'Confirmed Security Misconfigurations on curl.se (BREACH, Missing Security Headers, ETag Info Disclosure)'
09 Sep 2025 timeline
1 2 3 ... 738
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM