Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Nextcloud' disclosed a bug submitted by b'loremipsumi' 
b'Predictable proposal participant tokens enable unauthorized access and vote submission'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'rolandsch' 
b'Users can modify tags on files that do not belong to them'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'jayateerthag' 
b'Deck app allows to spoof file extensions by using RTLO characters'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'nilsding' 
b'Information disclosure via Desktop client when attempting to lock a file inside a end-to-end encrypted directory '
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'updatelap' 
b'Stored XSS in contacts app via organisation and title field'
04 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'huntsd' 
b'PROTOCOL-LEVEL: Persistent UDP Amplification and Cache Poisoning via Alt-Svc Logic Flaw'
02 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'n12d11n' 
b'HTTP Request Smuggling and SSRF via CRLF Injection in Curl_add_custom_headers'
02 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'gaurav0212' 
b'CRLF Injection in Gopher Protocol (`lib/gopher.c`)'
02 Jan 2026 timeline
b'PortSwigger Web Security' disclosed a bug submitted by b'osama-hamad' 
b'The role "CI-driven scan initiator" provides excessive read access'
02 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'ssyyaa' 
b'MQTT Protocol Violation & Integer Overflow in libcurl'
01 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'ltl_professor' 
b'A quiet New Year wish for security researchers'
01 Jan 2026 timeline
b'IBM' disclosed a bug submitted by b'dara_7979' 
b'Remote Code Execution identified on IBM endpoint.'
31 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'cyberguardianrd' 
b'HTTP/2 and HTTP/3 Header Injection in curl'
30 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'yupiy' 
b'Proxy-Authorization header is leaked to origin server after redirect from proxied to direct connection'
30 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'ltl_professor' 
b'SMTP CRLF Injection & Protocol Desynchronization in libcurl'
29 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'stif' 
b'Telnet Suboption Buffer Pointer Underflow in lib/telnet.c leads to Out-of-Bounds Read'
29 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'onevone' 
b'CrossLayer State Confusion in libcurl: Credential & KeyMaterial Persistence Across Redirect / Connection Reuse Boundaries'
28 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'efrsxcv' 
b'WebSocket Logic Error: Control Frame (PING/PONG) Starvation causes Connection Drop (DoS) during large transfers'
28 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'efrsxcv' 
b'Heap Buffer Over-read in lib/http2.c (on_header) handling PUSH_PROMISE frames'
28 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'efrsxcv' 
b'CRLF Injection / Protocol Smuggling in libcurl via CURLOPT_USERNAME (IMAP)'
28 Dec 2025 timeline
1 ... 4 5 6 7 8 ... 752
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM