Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Revive Adserver' disclosed a bug submitted by b'nigh7c0r3' 
b'Reflected XSS in afr.php'
14 Jan 2026 timeline
b'Revive Adserver' disclosed a bug submitted by b'0xjad' 
b'Broken Access Control allows advertiser accounts to delete trackers they do not own'
14 Jan 2026 timeline
b'Revive Adserver' disclosed a bug submitted by b'pakcyberbot' 
b'INI Format string injection in Revive Adserver 6.0.4 settings'
14 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'z2_' 
b'Integer-underflow leads to heap over-read in TFTP implementation'
14 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'andrew-bbp' 
b'Digest Authentication Header Injection'
14 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'vikash_saw' 
b'Directory listing vulnerability is disclosing names and emails, widespread (thousands of records, publicly accessible without auth)'
14 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'andrew-bbp' 
b'Gopher Protocol Command Injection (SSRF Smuggling)'
14 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'adce626q' 
b'Use-After-Free in curl_easy_nextheader when reusing header handle across requests'
14 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'0xshakib0x04' 
b'MQTT: unsigned integer underflow bypasses MAX_MQTT_MESSAGE_SIZE check'
13 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'gudyuu' 
b'integer Overflow in MQTT Protocol Handling Allows Bypassing Message Size Limit'
13 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'moha1sd' 
b'Information Disclosure in API Endpoint /users'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'l0rdv0ld3m0r7' 
b'Publicly Accessible CDN Endpoint Exposing XML Metadata (including ETag)'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'exec_iq' 
b'Create account without auth via response manipulation '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'xgoon' 
b'Information Disclosure via Publicly Accessible Debug Log'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'saqib98' 
b'Debug Info disclose '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'0xkarim_dix' 
b'Reflected XSS Vulnerability in SSL VPN Endpoint CVE-2025-0133'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'aramx4' 
b'Reflected XSS via user Parameter in /ssl-vpn/getconfig.esp'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'aramx4' 
b'Reflected XSS via user Parameter on getconfig.esp Endpoint'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'bewgsy' 
b'XSS on '
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'jonasdiasrebelo' 
b'Cross-Site Scripting via URL on '
12 Jan 2026 timeline
1 2 3 4 ... 751
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM