Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'gaurav_7777' 
b'MQTT: Missing upper bound on incoming Remaining Length allows server-controlled long wait'
06 Jan 2026 timeline
b'AWS VDP' disclosed a bug submitted by b'nick_frichette_dd' 
b'AWS Auto Scaling Service Reporting "AWS Internal" for CloudTrail Events Generated from Specific Endpoints'
05 Jan 2026 timeline
b'LY Corporation' disclosed a bug submitted by b'imnotr3al' 
b'Stored XSS via SVG Upload in chat.line.biz'
05 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'7hackerstar' 
b'Path Traversal in curl file:// Protocol Handler Allows Unauthorized File Access'
04 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'amik_f' 
b'Alt-Svc bypasses credential leak protection (CVE-2018-1000007)'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'loremipsumi' 
b'Predictable proposal participant tokens enable unauthorized access and vote submission'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'rolandsch' 
b'Users can modify tags on files that do not belong to them'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'jayateerthag' 
b'Deck app allows to spoof file extensions by using RTLO characters'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'nilsding' 
b'Information disclosure via Desktop client when attempting to lock a file inside a end-to-end encrypted directory '
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'updatelap' 
b'Stored XSS in contacts app via organisation and title field'
04 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'huntsd' 
b'PROTOCOL-LEVEL: Persistent UDP Amplification and Cache Poisoning via Alt-Svc Logic Flaw'
02 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'n12d11n' 
b'HTTP Request Smuggling and SSRF via CRLF Injection in Curl_add_custom_headers'
02 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'gaurav0212' 
b'CRLF Injection in Gopher Protocol (`lib/gopher.c`)'
02 Jan 2026 timeline
b'PortSwigger Web Security' disclosed a bug submitted by b'osama-hamad' 
b'The role "CI-driven scan initiator" provides excessive read access'
02 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'ssyyaa' 
b'MQTT Protocol Violation & Integer Overflow in libcurl'
01 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'ltl_professor' 
b'A quiet New Year wish for security researchers'
01 Jan 2026 timeline
b'IBM' disclosed a bug submitted by b'dara_7979' 
b'Remote Code Execution identified on IBM endpoint.'
31 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'cyberguardianrd' 
b'HTTP/2 and HTTP/3 Header Injection in curl'
30 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'yupiy' 
b'Proxy-Authorization header is leaked to origin server after redirect from proxied to direct connection'
30 Dec 2025 timeline
b'curl' disclosed a bug submitted by b'ltl_professor' 
b'SMTP CRLF Injection & Protocol Desynchronization in libcurl'
29 Dec 2025 timeline
1 ... 8 9 10 11 12 ... 757
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM