Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'63 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'TikTok' disclosed a bug submitted by b'eneri' 
b'Chained Broken Access Control in TikTok Live Backstage Enables Full Control of Public Leaderboard Activities'
11 Sep 2025 timeline
b'TikTok' disclosed a bug submitted by b'ahmed_xyz' 
b"Stored XSS on TikTok's backend leads to the leakage of highly sensitive administrator data (Cookies, API Keys, Internal Paths, Emails, phone numbers)."
11 Sep 2025 timeline
b'Khan Academy' disclosed a bug submitted by b'meowsint' 
b'337k users and 1 employee leaked credentials'
10 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'bigsleep' 
b'CVE-2025-9086: Out of bounds read for cookie path'
10 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'cruocco' 
b'CVE-2025-10148: predictable WebSocket mask'
10 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'mohmed_shoukry' 
b'Confirmed Security Misconfigurations on curl.se (BREACH, Missing Security Headers, ETag Info Disclosure)'
09 Sep 2025 timeline
b'Shopify' disclosed a bug submitted by b'naveenventure' 
b'Session Persistence Designed to Keep Users Logged In Across Multiple Devices (Intended Behaviour)'
04 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'g3nj1z' 
b'libcurl: Host-Only Cookies Leak to Alternate IPv4 Forms'
04 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'reporascal_1' 
b'Heap-buffer-overflow (Out-of-Bounds Read) in DoH hostname encoding'
04 Sep 2025 timeline
b'Tucows (VDP)' disclosed a bug submitted by b'c0rvuz' 
b'Business Logic Error Bypass of OTP Verification During Signup on hover.com'
02 Sep 2025 timeline
b'Mars' disclosed a bug submitted by b'kuriyama' 
b'Unauthenticated Sensitive Information Disclosure on CVE-2021-38314'
02 Sep 2025 timeline
b'Mars' disclosed a bug submitted by b'kuriyama' 
b'Bug Report #23JAN136 (subdomain takeover via shopify )'
02 Sep 2025 timeline
b'Mars' disclosed a bug submitted by b'kuriyama' 
b'Bug Report #23JAN135 (subdomain takeover via shopify )'
02 Sep 2025 timeline
b'Mars' disclosed a bug submitted by b'kuriyama' 
b'RXSS on stores on */visitorRegistration.pml via destination parameter'
02 Sep 2025 timeline
b'Mars' disclosed a bug submitted by b'blackbird_azar' 
b'Order More Than Maximum Allowed Quantity'
02 Sep 2025 timeline
b'Mars' disclosed a bug submitted by b'egsec' 
b'Account Takeover in Password Reset Function'
02 Sep 2025 timeline
b'Lichess' disclosed a bug submitted by b'albetisi' 
b' Unauthorized Blogs Creation'
02 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'9vvert' 
b'Incorrect Parsing of IPv6 Zone ID in curl'
01 Sep 2025 timeline
b'Node.js' disclosed a bug submitted by b'codingthunder' 
b'CWE-195 in ExternalMemoryAccounter::Increase()'
26 Aug 2025 timeline
b'AWS VDP' disclosed a bug submitted by b'notnotnotveg' 
b'AWS | Self Registration Internal LibreChat : Access to internal/proprietary LLMs'
25 Aug 2025 timeline
1 2 3 4 5 ... 739
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM