Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 67
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Node.js disclosed a bug submitted by rafaelgss: Assertion error in node_url.cc via malformed URL format leads to Node.js crash (26 Mar 2026)
RubyGems disclosed a bug submitted by 6b_jjj: Server-side ReDoS via user-controlled regex in OIDC Access Policy (26 Mar 2026)
curl disclosed a bug submitted by wizard021: Bearer Token Leaked to Attacker via .netrc Despite CVE-2026-3783 Fix (26 Mar 2026)
curl disclosed a bug submitted by ankitsingh_76: Security Vulnerability Report: Protocol Injection via Programmatic Options (26 Mar 2026)
curl disclosed a bug submitted by 3lcarry: HTTP/1.1 Response Desynchronization via conflicting CL/TE headers in Proxy CONNECT (25 Mar 2026)
curl disclosed a bug submitted by tynus: Function `do_pubkey()` can have out-of-bound read issue (25 Mar 2026)
IBM disclosed a bug submitted by bugmithalchemist: Potential Subdomain Takeover on IBM.com domain. (24 Mar 2026)
LinkedIn disclosed a bug submitted by riadalrashed: Access to Deactivated LinkedIn Company Pages via Competitor Analytics API (24 Mar 2026)
Python Cryptographic Authority disclosed a bug submitted by uv3doble: Fail-Open in set_tlsext_servername_callback on pyopenssl via unhandled exceptions leads to security bypass (20 Mar 2026)
Mozilla disclosed a bug submitted by adilnbabras: [Privilege Escalation] User can Pin|Unpin Any Comment on Any Project or Locale (20 Mar 2026)
curl disclosed a bug submitted by zoroo2: Exposed .git/config File Leading to Potential Sensitive Information Disclosure (20 Mar 2026)
GitHub disclosed a bug submitted by ahacker1: Add labels to arbitrary issues/prs & compromise github actions label checks (19 Mar 2026)
GitHub disclosed a bug submitted by s3rdz0: PATs without the required scope can leak issues (19 Mar 2026)
HackerOne disclosed a bug submitted by theokeen: Lack of Validation in Reward Redemption Allows Unlimited Burp Suite License Abuse (18 Mar 2026)
curl disclosed a bug submitted by lg_oled77c5pua: HSTS accepted from HTTP origin behind HTTPS proxy (17 Mar 2026)
curl disclosed a bug submitted by am-perip: Unescaped username in SASL DIGEST-MD5 response allows injection (17 Mar 2026)
LinkedIn disclosed a bug submitted by dphoeniixx: Session Cookie Leakage via Static Header Field in WebViewerFragment (17 Mar 2026)
Lovable VDP disclosed a bug submitted by ziadmomen: Business Logic Bypass Allows Setting Read Access Role Without Pro Plan Subscription (16 Mar 2026)
curl disclosed a bug submitted by tavro: SMB READ_ANDX DataOffset not validated (16 Mar 2026)
Basecamp disclosed a bug submitted by perxibes: Unauthenticated access to private files on app.fizzy.do via Active Storage URLs leads to information disclosure (16 Mar 2026)
BY DENIS WERNER - @NOBBD