Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'63 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Cloudflare Public Bug Bounty' disclosed a bug submitted by b'null_smashmaster0045' 
b"`use-mcp`'s oauth2 process uses a window.open call with untrusted mcp server provided data allowing for code execution under the page using it"
30 Sep 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'farhad0x1' 
b'Information Exposure Through Directory Listing'
29 Sep 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'farhad0x1' 
b'Email not verified when changing afterwards on apps.nextcloud.com'
29 Sep 2025 timeline
b'Nextcloud' disclosed a bug submitted by b'farhad0x1' 
b' Exposing debug.log file leads to server full path disclosure'
29 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'giant_anteater' 
b'SMTP Command Injection Vulnerabilities in curl'
26 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'z3r0yu' 
b'Inconsistent URL Parsing in curl Leading to Potential SSRF and Access Control Bypass'
26 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'giant_anteater' 
b'Race condition on global `gss_context` during SOCKS5 GSS-API negotiation in libcurl'
26 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'giant_anteater' 
b'Use-after-free when POST body buffer is freed before transfer'
26 Sep 2025 timeline
b'Informatica' disclosed a bug submitted by b'admin097' 
b'XSS1'
24 Sep 2025 timeline
b'GitHub' disclosed a bug submitted by b'furbreeze' 
b'Arbitrary Read of Another Users private repository without Authorization'
23 Sep 2025 timeline
b'Insightly' disclosed a bug submitted by b'xploiterr' 
b'Stored XSS via LINK Name.'
23 Sep 2025 timeline
b'Kubernetes' disclosed a bug submitted by b'ian' 
b'elections.k8s.io uses weak session secret key, may place elections at risk'
19 Sep 2025 timeline
b'Insightly' disclosed a bug submitted by b'khaledx' 
b'Stored XSS in Email Notifcation '
19 Sep 2025 timeline
b'Insightly' disclosed a bug submitted by b'khaledx' 
b'CSRF vulnerability allows disabling Gmail contacts link for user referrals'
19 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'frizo_05' 
b'Timing Attack Vulnerability in curl Digest Authentication via Non-Constant-Time String Comparison'
18 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'jfhgdsjkf' 
b'Security Analysis Report: CURL Integer Overflow Vulnerability'
18 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'smiliesandco' 
b'int overflow in krb5_read_data() leads to (possible) massive `recv()` write'
18 Sep 2025 timeline
b'Bykea' disclosed a bug submitted by b'sameer_ali' 
b'Critical Information Disclosure via /talos/api/v1/files/upload'
17 Sep 2025 timeline
b'Shopify' disclosed a bug submitted by b'fr4via' 
b'URL Scheme Validation Bypass in Shopify Mobile App Allows Javascript Execution'
17 Sep 2025 timeline
b'Shopify' disclosed a bug submitted by b'ahmednasr1' 
b'GraphQL Introspection Enabled on Shopify API Endpoint (Intended Behavior)'
17 Sep 2025 timeline
1 2 3 4 ... 740
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM