Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'62 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'voggerloops' 
b'Authorization Header Leak via --location-trusted in Curl'
03 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'catenacyber' 
b'Memory leak of ftp (with proxy reuse)'
01 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'alphox' 
b'HTTP Proxy Bypass via `CURLOPT_CUSTOMREQUEST` Verb Tunneling'
01 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'evilginx1' 
b'Speculative Execution Side-Channel in `curl` '
01 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'demsese' 
b'arbitrary file read via `file://` path traversal with `--path-as-is`'
01 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'freak_coding' 
b'Heap buffer overflow vulnerability in conncache.c: incorrect use of pointer arrays resulting in out-of-bounds memory writes.'
01 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'wolfsage' 
b'curl -OJ allows creating custom .curlrc file which allows exfiltrating private data, among other things'
01 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'wolfsage' 
b'curl_easy_header runs at O(N) or worse and can be abused to use minute(s) of CPU time'
01 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'oicus' 
b'[High] MITM via Insecure CA Path Handling in cURL (--capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)'
30 Jun 2025 timeline
b'curl' disclosed a bug submitted by b'oicus' 
b'[High] Arbitrary File Write via Path Traversal in cURL CLI (`-o`, `--output`) (CWE-22: Improper Limitation of a Pathname to a Restricted Directory)'
30 Jun 2025 timeline
b'curl' disclosed a bug submitted by b'redfoxsec' 
b'Potential XSS vector in curl via unsanitized URL parameter handling'
30 Jun 2025 timeline
b'curl' disclosed a bug submitted by b'tdp3kel9g' 
b'Double free caused by mqtt_doing()'
30 Jun 2025 timeline
b'curl' disclosed a bug submitted by b'cyberguardianrd' 
b"Buffer Overflow in curl's Rustls Backend"
30 Jun 2025 timeline
b'curl' disclosed a bug submitted by b'agent_0' 
b'Stack-based Buffer Overflow in TELNET NEW_ENV Option Handling'
30 Jun 2025 timeline
b'Yelp' disclosed a bug submitted by b'0xold' 
b'RXSS AT https://proze.yelp.com/tmsubscribe.net/vidsn.aspx'
30 Jun 2025 timeline
b'Cosmos' disclosed a bug submitted by b'unknown_feature' 
b'Making transfer v2 channel unupgradable through the forwarding '
30 Jun 2025 timeline
b'Cosmos' disclosed a bug submitted by b'unknown_feature' 
b'Replacing ICA active channel during the upgrade and a bit more'
30 Jun 2025 timeline
b'Tools for Humanity' disclosed a bug submitted by b'polem4rch' 
b'Unlock underage blocked app without support interaction using airplane mode'
30 Jun 2025 timeline
b'curl' disclosed a bug submitted by b'geeknik' 
b'Heap Buffer Overflow in libcurl curl_slist_append via Unterminated String'
30 Jun 2025 timeline
b'curl' disclosed a bug submitted by b'catenacyber' 
b'Memory leak from doh_write_cb'
29 Jun 2025 timeline
1 ... 4 5 6 7 8 ... 737
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM