Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'64 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'curl' disclosed a bug submitted by b'giant_anteater' 
b'Use-after-free when POST body buffer is freed before transfer'
26 Sep 2025 timeline
b'Informatica' disclosed a bug submitted by b'admin097' 
b'XSS1'
24 Sep 2025 timeline
b'GitHub' disclosed a bug submitted by b'furbreeze' 
b'Arbitrary Read of Another Users private repository without Authorization'
23 Sep 2025 timeline
b'Insightly' disclosed a bug submitted by b'xploiterr' 
b'Stored XSS via LINK Name.'
23 Sep 2025 timeline
b'Kubernetes' disclosed a bug submitted by b'ian' 
b'elections.k8s.io uses weak session secret key, may place elections at risk'
19 Sep 2025 timeline
b'Insightly' disclosed a bug submitted by b'khaledx' 
b'Stored XSS in Email Notifcation '
19 Sep 2025 timeline
b'Insightly' disclosed a bug submitted by b'khaledx' 
b'CSRF vulnerability allows disabling Gmail contacts link for user referrals'
19 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'frizo_05' 
b'Timing Attack Vulnerability in curl Digest Authentication via Non-Constant-Time String Comparison'
18 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'jfhgdsjkf' 
b'Security Analysis Report: CURL Integer Overflow Vulnerability'
18 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'smiliesandco' 
b'int overflow in krb5_read_data() leads to (possible) massive `recv()` write'
18 Sep 2025 timeline
b'Bykea' disclosed a bug submitted by b'sameer_ali' 
b'Critical Information Disclosure via /talos/api/v1/files/upload'
17 Sep 2025 timeline
b'Shopify' disclosed a bug submitted by b'fr4via' 
b'URL Scheme Validation Bypass in Shopify Mobile App Allows Javascript Execution'
17 Sep 2025 timeline
b'Shopify' disclosed a bug submitted by b'ahmednasr1' 
b'GraphQL Introspection Enabled on Shopify API Endpoint (Intended Behavior)'
17 Sep 2025 timeline
b'Bykea' disclosed a bug submitted by b'sameer_ali' 
b'MongoDB Query Logs & Schema Leak via Unauthenticated Endpoint'
17 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'batuhanilgarr' 
b'Stack Buffer Overflow in cURL Cookie Parsing Leads to RCE'
16 Sep 2025 timeline
b'Django' disclosed a bug submitted by b'eyalsec' 
b'SQL Injection when using FilteredRelation'
15 Sep 2025 timeline
b'curl' disclosed a bug submitted by b'anony_gaku' 
b'Multiple Unsafe strcpy() Function Calls Leading to Potential Buffer Overflow Vulnerabilities in cURL 8.16.1-DEV'
14 Sep 2025 timeline
b'Insulet Corporation' disclosed a bug submitted by b'mechatech84' 
b'DOM XSS on www.omnipod.com/freedom/birthdate-confirmation and www.omnipod.com/pif/thanks-freedom'
13 Sep 2025 timeline
b'WordPress' disclosed a bug submitted by b'maxbr3n404' 
b'Pivilege escalation of any new user to Keymaster caused by CSRF'
13 Sep 2025 timeline
b'Django' disclosed a bug submitted by b'eyalsec' 
b'SQL injection in JSONField KeyTransform'
12 Sep 2025 timeline
1 2 3 4 5 6 ... 741
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM