Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'pajarori' 
b'MQTT Protocol Packet Injection via Unchecked CONNACK Remaining Length'
05 Feb 2026 timeline
b'Django' disclosed a bug submitted by b'stackered' 
b'User enumeration via timing attack in Django mod_wsgi authentication backend leads to account discovery'
04 Feb 2026 timeline
b'GoCD' disclosed a bug submitted by b'aigirl' 
b'Information Disclosure via Logback Configuration Injection in GoCD Agent'
04 Feb 2026 timeline
b'LinkedIn' disclosed a bug submitted by b'allenjo' 
b'Previous commentor on post can still comment even after comment permission is changed to disabled'
03 Feb 2026 timeline
b'LinkedIn' disclosed a bug submitted by b'minex627' 
b'Improper Access Control - Access to "Active Hiring" (Premium feature) filter results '
03 Feb 2026 timeline
b'ExpressionEngine' disclosed a bug submitted by b'fed01k' 
b'SQL injection in structure plugin'
26 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'playerofficial19' 
b'wcurl Argument Injection via Unquoted Variable'
26 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'f_i_h' 
b'Integer Underflow in src/var.c'
26 Jan 2026 timeline
b'Basecamp' disclosed a bug submitted by b'northeastprince' 
b'Spam & Clearance checks disabled with existing referenced Message-ID'
21 Jan 2026 timeline
b'Stripo Inc' disclosed a bug submitted by b'srcode' 
b'[Critical] Unauthorized Cross-Tenant Data Access in Stripo AI Hub Campaign via Deleted Project.'
20 Jan 2026 timeline
b'Cosmos' disclosed a bug submitted by b'0xjam' 
b'Memory Exhaustion in CometBFT v1.0.1 via malicious ProposalMessage leads to network-wide denial of service'
20 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'ichise' 
b'Crossorigin cookies leak and injection risk when using a custom Host header'
20 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'foobar4213' 
b'SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends'
20 Jan 2026 timeline
b'pixiv' disclosed a bug submitted by b'dexter34' 
b'Internal logs/info leaked via endpoint {https://203.137.128.240/server-status}'
20 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'bhaskar_ram' 
b'Cookie Replacement Use-After-Free Vulnerability'
19 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'bhaskar_ram' 
b'Cookie Max-Age Integer Overflow Vulnerability'
19 Jan 2026 timeline
b'pixiv' disclosed a bug submitted by b'giwadaoud' 
b'Disclose Hidden Comments on Media Section of hub.vroid.com'
18 Jan 2026 timeline
b'pixiv' disclosed a bug submitted by b'hyk3n' 
b'clickjacing can lead to account takeover'
18 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'andrewml' 
b'libcurl: Improper Authentication State Management on Cross-Protocol Redirects'
17 Jan 2026 timeline
1 2 3 ... 752
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM