Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'62 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'SingleStore' disclosed a bug submitted by b'q11x' 
b'IDOR - Scheduled data leak to other accounts By "projectID"'
12 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'ks_karem77' 
b"Account/Repository Takeover via Abandoned GitHub Username in curl's href_extractor.c"
12 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'spectre-1' 
b'Insecure WebSocket Usage in curl Documentation and Examples (CWE-319: Cleartext Transmission of Sensitive Information)'
12 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'spectre-1' 
b'Unsafe Global IFS Modification in OS400 Shell Script Enables Command Injection and Parsing Flaws (CWE-78/CWE-20)'
12 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'spectre-1' 
b'Exposure of Hard-coded Private Keys and Credentials in curl Source Repository (CWE-321)'
12 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'z1andr4g0n' 
b'Title: Remote Code Execution (RCE) via Arbitrary Library Loading in `--engine` option'
10 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'z1andr4g0n' 
b'Path Traversal in SFTP QUOTE command leads to Arbitrary File Write and potential RCE'
10 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'ahmedqc1' 
b'Vulnerability Report: Local File Disclosure via file:// Protocol in cURL'
10 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'geeknik' 
b'Heap Buffer Overflow in Curl_memdup0() via CURLOPT_COPYPOSTFIELDS/CURLOPT_POSTFIELDSIZE Mismatch'
09 Aug 2025 timeline
b'Nintendo' disclosed a bug submitted by b'kinnay' 
b'Man-in-the-middle through broken SSL certificate verification'
08 Aug 2025 timeline
b'GitHub' disclosed a bug submitted by b'ghbountyocto' 
b'Sample report: Denial of service '
07 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'letshack9707' 
b'Use After Free (that leads to arbitrary Write for some versions) '
06 Aug 2025 timeline
b'WakaTime' disclosed a bug submitted by b'zeesozee' 
b'Double Clickjacking Attack on WakaTime OAuth Authorization Flow at https://wakatime.com/oauth/authorize'
05 Aug 2025 timeline
b'WakaTime' disclosed a bug submitted by b'ctrl_cipher' 
b'Unauthorized Disclosure of Private Emails via WakaTime Private Leaderboards'
03 Aug 2025 timeline
b'curl' disclosed a bug submitted by b'kakorrhaphiophobia' 
b'Integer Overflow in schannel.c TLS Data Transmission'
02 Aug 2025 timeline
b'MetaMask' disclosed a bug submitted by b'bug_vs_me' 
b'total Failure of password protection while extracting seed phrase! increases attack surface area for scammers'
31 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'geeknik' 
b'Stack use-after-scope in HTTP/3 POST request processing via CURLOPT_POSTFIELDS'
31 Jul 2025 timeline
b'Mozilla' disclosed a bug submitted by b'yoyomiski' 
b'Bypass "No Links" Restriction in Biography via Protocol-Relative URL (//)'
29 Jul 2025 timeline
b'Mozilla' disclosed a bug submitted by b'trein' 
b'Mozilla VPN Clients: RCE via file write and path traversal'
29 Jul 2025 timeline
b'curl' disclosed a bug submitted by b'nyymi' 
b'OpenSSL HTTP/3 bogus CURLINFO_TLS_SSL_PTR'
28 Jul 2025 timeline
1 2 3 4 ... 736
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM