Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'64 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'lim_e' 
b'runs javascript on powershell when it shouldnt'
26 Nov 2025 timeline
b'Flickr' disclosed a bug submitted by b'maskopatol' 
b'High resource consumption by insufficient sanitization of forum threads pagination'
24 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'cainvsilf' 
b'[SFTP] TOCTOU Race Condition in Upload Resume Logic Leads to Arbitrary File Append'
24 Nov 2025 timeline
b'M&T Bank Vulnerability Disclosure' disclosed a bug submitted by b'ozgun32' 
b'HTML Injection in Emails on login.mtb.com via givenName parameter leads to phishing attacks'
24 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'letshack9707' 
b"Arbitrary free in curl's config file parsing."
23 Nov 2025 timeline
b'Basecamp' disclosed a bug submitted by b'stackered' 
b'Improper bot-authentication allows to impersonate any user when sending messages in a room'
21 Nov 2025 timeline
b'Django' disclosed a bug submitted by b'stackered' 
b'Path traversal via archive.extract - CVE 2021-3281 incomplete patch'
21 Nov 2025 timeline
b'curl' disclosed a bug submitted by b'gaurav_7777' 
b'Out-of-bounds read in HTTP method handling causes undefined behavior and potential crash This is sharp, Gaurav. Weve got a real memory-safety bug ins'
20 Nov 2025 timeline
b'Bykea' disclosed a bug submitted by b'sameer_ali' 
b'Lack of minimum value bid wheel verification on customer_bid in Rental Trips'
20 Nov 2025 timeline
b'Bykea' disclosed a bug submitted by b'sameer_ali' 
b'Customer can cancel a individual booking in a batch, causing locking of partner.'
20 Nov 2025 timeline
b'AWS VDP' disclosed a bug submitted by b'savannabungee' 
b'Existence of completed pods allows for bypass of Kubernetes NetworkPolicy'
19 Nov 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'vidang04' 
b'Unrestricted setPerPage allows huge result sets / resource exhaustion / mass log retrieval'
19 Nov 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'yoyomiski' 
b'Username normalization missing allows visually indistinguishable accounts (Whitespace-Based Impersonation)'
19 Nov 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'vidang04' 
b'Stored-XSS in campaign name displayed in Banners modal'
19 Nov 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'yoyomiski' 
b'Stored-XSS in Banner Name field '
19 Nov 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'vidang04' 
b'Reflected XSS in /admin/banner-zone.php (v6.0.0+)'
19 Nov 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'yoyomiski' 
b'Information Disclosure via Verbose Error Messages'
19 Nov 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'cyberjoker' 
b'IDOR Vulnerability in Banner Deletion '
19 Nov 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'yoyomiski' 
b'Information Disclosure via Add user lookup in Account Management (User Access)'
19 Nov 2025 timeline
b'Revive Adserver' disclosed a bug submitted by b'cyberjoker' 
b'Stored XSS in Conversion Statistics via Tracker Name'
19 Nov 2025 timeline
1 2 3 4 ... 745
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM