Top10 publishers:
bobrov: 87
nyymi: 66
someonenobbd: 62
sp1d3rs: 54
geeknik: 52
ooooooo_q: 46
ryat: 46
bigbear_: 38
netfuzzer: 37
guido: 37
The unofficial HackerOne disclosure timeline.
Mars
disclosed a bug submitted by
xgoon
- Publicly Accessible public_html Directory Exposing WordPress Configuration
24 Feb 2026
Mars
disclosed a bug submitted by
4ksh3ye
SQLi At `` via `theme_name`
24 Feb 2026
Mars
disclosed a bug submitted by
scriptsavvy
SQLi at parameter
24 Feb 2026
Mars
disclosed a bug submitted by
azar_man
No Rate Limiting on Password Attempts After Insecure Registration Flow cause ATO
24 Feb 2026
Node.js
disclosed a bug submitted by
illia-v
Unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion
23 Feb 2026
Nintendo
disclosed a bug submitted by
hana2736
Splatoon 3 Anticheat Seed Randomization Weakness
19 Feb 2026
Nintendo
disclosed a bug submitted by
kinnay
ASLR leak in Mario Kart World through LAN mode
19 Feb 2026
Automattic
disclosed a bug submitted by
georgestephanis
XSS Vulnerability on Pressable/Atomic Hosting Platform via unescaped admin notices leads to code execution
18 Feb 2026
Sony
disclosed a bug submitted by
vortekx
Improper State Validation on Sony WH-CH520 via BLE Command Service leads to unauthorized Bluetooth pairing and audio hijacking
17 Feb 2026
Node.js
disclosed a bug submitted by
0xmaxhax
TLS PSK/ALPN Callback Exceptions Bypass Error Handlers, Causing DoS and FD Leak
12 Feb 2026
Node.js
disclosed a bug submitted by
winfunc
Node.js permission model bypass via unchecked Unix Domain Socket connections (UDS)
12 Feb 2026
Node.js
disclosed a bug submitted by
aaron_vercel
Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers
12 Feb 2026
Node.js
disclosed a bug submitted by
giant_anteater
Memory leak that enables remote Denial of Service against applications processing TLS client certificates
12 Feb 2026
Node.js
disclosed a bug submitted by
chalker
Timeout-based race conditions make Uint8Array/Buffer.alloc non-zerofilled
12 Feb 2026
Node.js
disclosed a bug submitted by
natann
FS Permissions Bypass
12 Feb 2026
Nextcloud
disclosed a bug submitted by
se1en
Mail stored HTML injection in subject text
12 Feb 2026
Omise
disclosed a bug submitted by
alitoni224
Cache Pollution via Unkeyed GET Parameters on www.omise.co
11 Feb 2026
AWS VDP
disclosed a bug submitted by
aneeeketh
Unlimited Reuse of Coupon Code Allows Free Shipping on All Orders on
09 Feb 2026
Django
disclosed a bug submitted by
sy2n0
ASGIRequest header concatenation quadratic CPU DoS on Django via repeated headers leads to worker exhaustion
09 Feb 2026
Nextcloud
disclosed a bug submitted by
se1en
WebAuthn app was updated based on public key
06 Feb 2026
BY DENIS WERNER - @NOBBD -