Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'62 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'robert_min1' 
b'curl leaks destination IP via glibc getaddrinfo() UDP connect, bypassing SOCKS5/Tor'
20 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'irene1hacker' 
b'Curl parse_connect_to_string Heap-Overread Leading to Denial of Service via CURLOPT_CONNECT_TO'
20 Aug 2025 timeline
b'WakaTime' disclosed a bug submitted by b'pashaaaaaaaa' 
b'Invalid'
19 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'pelioro' 
b'WebSocket Fragmentation DoS on Curl Client'
19 Aug 2025 timeline
b'Insightly' disclosed a bug submitted by b'akostak' 
b'Email verification bypass via request to endpoint "accounts.insightly.com/signup/provisionuser"'
18 Aug 2025 timeline
b'Malwarebytes' disclosed a bug submitted by b'assassin_marcos' 
b'No SPF/DMARC records on mb-cosmos.com'
18 Aug 2025 timeline
18 Aug 2025 disclosed a bug submitted by Title Heap Use-After-Free Vulnerability in `curl` Leading to Potential Code Execution' 
b'
b'irene1hacker' timeline
b'Malwarebytes' disclosed a bug submitted by b'sijojohnson' 
b'Email Verification Bypass via Race Condition'
15 Aug 2025 timeline
b'Malwarebytes' disclosed a bug submitted by b'mantu1738' 
b'Replayable Password Change Request Across Sessions.'
15 Aug 2025 timeline
b'Malwarebytes' disclosed a bug submitted by b'tarun_sec' 
b'Rails Debug Mode Enabled On ( https://44.208.145.207/testrail/files.md5 ) '
15 Aug 2025 timeline
b'Shopify' disclosed a bug submitted by b'saltymermaid' 
b'URL Path Manipulation Enables Cache Poisoning of Amazon Affiliate Products in Shopify Linkpop'
14 Aug 2025 timeline
b'AWS VDP' disclosed a bug submitted by b'ricardojoserf' 
b'Remote Code Execution in Amazon MWAA due to outdated Apache Airflow version'
14 Aug 2025 timeline
b'8x8 Bounty' disclosed a bug submitted by b'abdallasamir12' 
b'.8x8.vc/index.js: Exposed Google Maps API Key Allowing Potential Abuse of Paid Services'
14 Aug 2025 timeline
b'HackerOne' disclosed a bug submitted by b'madara_' 
b'Internal Access to Hackerone confluence Docs'
13 Aug 2025 timeline
b'SingleStore' disclosed a bug submitted by b'q11x' 
b'Exceed the maximum number of subscribers using Race Condition '
12 Aug 2025 timeline
b'SingleStore' disclosed a bug submitted by b'q11x' 
b'IDOR - Scheduled data leak to other accounts By "projectID"'
12 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'ks_karem77' 
b"Account/Repository Takeover via Abandoned GitHub Username in curl's href_extractor.c"
12 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'spectre-1' 
b'Insecure WebSocket Usage in curl Documentation and Examples (CWE-319: Cleartext Transmission of Sensitive Information)'
12 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'spectre-1' 
b'Unsafe Global IFS Modification in OS400 Shell Script Enables Command Injection and Parsing Flaws (CWE-78/CWE-20)'
12 Aug 2025 timeline
1 2 3 ... 736
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM