Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'herdiyanitdev' 
b'Functional Regression in Digest Authentication: Failure to handle optional spaces and escaped quotes'
21 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'herdiyanitdev' 
b'A logic error in detect_proxy caused truncation of environment variable names for long protocol schemes.'
21 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'gaurav0212' 
b'Unbounded memory consumption via compressed HTTP responses (gzip/brotli/zstd)'
21 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'strokep' 
b'Heap Buffer Over-Read via Malicious SMB Server READ_ANDX Response'
20 Dec 2025 timeline
b'Node.js' disclosed a bug submitted by b'sideni' 
b'Missing AES-GCM Authentication Tag Validation and Improper Deprecation Handling'
19 Dec 2025 timeline
b'Trellix' disclosed a bug submitted by b'lemonoftroy' 
b'RXSS in https://jp.mcafee.com/apps/mdm/jp/3.0_asp/ '
19 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'im4x' 
b'File URL UNC Path Access (Windows SSRF)'
18 Dec 2025 timeline
b'Cosmos' disclosed a bug submitted by b'tychebe' 
b'Economic DoS (Griefing) on IBC Relayers via `memo` Callback Gas Exploitation'
18 Dec 2025 timeline
b'IBM' disclosed a bug submitted by b'kanon4' 
b'[RCE] Remote Code Execution via React Server Components Vulnerability CVE-2025-55182'
18 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'anonymous_237' 
b'Certificate Pinning Bypass with wolfSSL backend over HTTP/3'
17 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'badrodin22' 
b'Heap buffer overflow in Curl_ipv4_resolve_r due to incorrect buffer alignment and size calculation on AmigaOS'
17 Dec 2025 timeline
b'Cloudflare Public Bug Bounty' disclosed a bug submitted by b'matured_kazama' 
b'Second-Order XSS via javascript protocol in MCP Server Portal Apps leads to ATO'
16 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'the-pink-panther' 
b'Heap Overflow in cURL AmigaOS Socket Implementation'
16 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'the-pink-panther' 
b'Curl Alt-Svc Parser Stack Buffer Overflow'
16 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'ba5' 
b'Path Traversal Bypass in file:// URLs Due to Incomplete URL-Encoded Path Normalization'
15 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'qqqqqqqqqqqqqqqq' 
b'testing hackerone functions'
13 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'sy2n0' 
b'Denial of Service (DoS) vulnerability in dedotdotify() URL path normalization'
13 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'mlgzackfly' 
b'Buffer Overflow in cURL Internal printf Function'
12 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'kelsier' 
b'Terminal Output Not Great'
11 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'4bccc' 
b'Certificate Hostname Validation Bypass via Leading Dot in Hostname'
09 Dec 2025 timeline
1 ... 6 7 8 9 10 ... 753
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM