Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'67 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'U.S. Dept Of Defense' disclosed a bug submitted by b'0xr2r' 
b'DNN - Unrestricted Arbitrary File Upload #'
12 Jan 2026 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'0xr2r' 
b'GlobalProtect - OS Command Injection #'
12 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'darksql' 
b'Heap Out-of-Bounds Read in lib/http2.c via Malformed PUSH_PROMISE Headers'
10 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'unknowperson0212' 
b'CRLF Injection in HTTP header values allows arbitrary header injection'
10 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'raulvdv' 
b'State Isolation Failure in Multiplexed Connections (Shared Auth Context)'
08 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'han_ank' 
b'Stack Buffer Overflow in mprintf.c formatting function (fallback path)'
08 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'unknowperson0212' 
b'inconsistently Rejection Logic in file:// URLs with Authority'
08 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'anonymous_237' 
b'CVE-2025-14524: bearer token leak on cross-protocol redirect'
07 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'nyymi' 
b'CVE-2025-15079: libssh global knownhost override '
07 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'nyymi' 
b'CVE-2025-15224: libssh key passphrase bypass without agent set'
07 Jan 2026 timeline
b'UPchieve' disclosed a bug submitted by b'guusverbeek' 
b'Postgres Admin Username and Password in Plain text'
06 Jan 2026 timeline
b'AWS VDP' disclosed a bug submitted by b'nick_frichette_dd' 
b'Non-Production API Endpoints for the AI Ops Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration'
06 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'gaurav_7777' 
b'MQTT: Missing upper bound on incoming Remaining Length allows server-controlled long wait'
06 Jan 2026 timeline
b'AWS VDP' disclosed a bug submitted by b'nick_frichette_dd' 
b'AWS Auto Scaling Service Reporting "AWS Internal" for CloudTrail Events Generated from Specific Endpoints'
05 Jan 2026 timeline
b'LY Corporation' disclosed a bug submitted by b'imnotr3al' 
b'Stored XSS via SVG Upload in chat.line.biz'
05 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'7hackerstar' 
b'Path Traversal in curl file:// Protocol Handler Allows Unauthorized File Access'
04 Jan 2026 timeline
b'curl' disclosed a bug submitted by b'amik_f' 
b'Alt-Svc bypasses credential leak protection (CVE-2018-1000007)'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'loremipsumi' 
b'Predictable proposal participant tokens enable unauthorized access and vote submission'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'rolandsch' 
b'Users can modify tags on files that do not belong to them'
04 Jan 2026 timeline
b'Nextcloud' disclosed a bug submitted by b'jayateerthag' 
b'Deck app allows to spoof file extensions by using RTLO characters'
04 Jan 2026 timeline
1 2 3 4 5 6 ... 751
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM