Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'GitHub' disclosed a bug submitted by b'ahacker1' 
b'Missing Access Control in MigrationFile allows attacker to upload files to any Migration'
05 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'errorbehavior200' 
b'SSTI leads to Command injection'
04 Mar 2026 timeline
b'curl' disclosed a bug submitted by b'deepbluev7' 
b'Use after free in hyperfifo example'
03 Mar 2026 timeline
b'Omise' disclosed a bug submitted by b'0x7ashish' 
b'2FA requirement bypass when inviting team members'
28 Feb 2026 timeline
b'AWS VDP' disclosed a bug submitted by b'h0ne_analyst_94cm4n1' 
b'Password Reuse Vulnerability on AWS Sign-in Page via Password Reset Flow leads to Security Policy Violation'
26 Feb 2026 timeline
b'curl' disclosed a bug submitted by b'knickers' 
b'Integer Overflow in curl_multi_get_handles() Leading to Heap Buffer Overflow'
26 Feb 2026 timeline
b'curl' disclosed a bug submitted by b'davkor' 
b'RTSP RTP Interleaved Parser Assertion Failure (Zero-Length RTP Payload)'
26 Feb 2026 timeline
b'Cloudflare Public Bug Bounty' disclosed a bug submitted by b'matured_kazama' 
b'AI Playground XSS to steal user-chat messages and access to connected MCP Server'
26 Feb 2026 timeline
b'curl' disclosed a bug submitted by b'shan_nandi' 
b'Able to bypass HSTS using trailing dot'
26 Feb 2026 timeline
b'curl' disclosed a bug submitted by b'pelioro' 
b'Curl Telnet Handler Buffer Overflow'
26 Feb 2026 timeline
b'PortSwigger Web Security' disclosed a bug submitted by b'zorixu' 
b'HTML Injection in DAST Trial Request Form Confirmation Email PortSwigger'
26 Feb 2026 timeline
b'Mars' disclosed a bug submitted by b'xgoon' 
b'Publicly accessible `` endpoint exposing internal user identifiers and email addresses'
24 Feb 2026 timeline
b'Mars' disclosed a bug submitted by b'0xr2r' 
b'CVE--35813 in '
24 Feb 2026 timeline
b'Mars' disclosed a bug submitted by b'prakhar0x01' 
b'Sensitive information exposed at [] via /export_panelists_to_xlsx endpoint'
24 Feb 2026 timeline
b'Mars' disclosed a bug submitted by b'xgoon' 
b' - Publicly Accessible public_html Directory Exposing WordPress Configuration'
24 Feb 2026 timeline
b'Mars' disclosed a bug submitted by b'4ksh3ye' 
b'SQLi At `` via `theme_name` '
24 Feb 2026 timeline
b'Mars' disclosed a bug submitted by b'scriptsavvy' 
b'SQLi at parameter'
24 Feb 2026 timeline
b'Mars' disclosed a bug submitted by b'azar_man' 
b' No Rate Limiting on Password Attempts After Insecure Registration Flow cause ATO'
24 Feb 2026 timeline
b'Node.js' disclosed a bug submitted by b'illia-v' 
b'Unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion'
23 Feb 2026 timeline
b'Nintendo' disclosed a bug submitted by b'hana2736' 
b'Splatoon 3 Anticheat Seed Randomization Weakness'
19 Feb 2026 timeline
1 ... 7 8 9 10 11 ... 761
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM