| Characters before custom tag | s3np41k1r1t0 | 6/23/2025 | XSS | 0 |
2 2 | Characters that can be inside the javascript protocol caopyasdas | PinkDraconian | 6/17/2025 | XSS | 0 |
| Injection in src attribute PORT, characters that change hostname | reindaelman | 6/15/2025 | JS | 1 |
15 | Characters appended at the end of PORT within URL, which yield a different HOST | reindaelman | 6/15/2025 | JS | 0 |
| Characters allowed as a tag name using DOM APIs | hackvertor | 6/13/2025 | JS | 0 |
| Characters allowed before host name that are ignored | hackvertor | 6/11/2025 | XSS | 0 |
| Url parsing diff b/w anchor.href and new URL | Sudistark | 5/26/2025 | JS | 0 |
| Scheme slash alternatives in URL() when a base is used | N25sec | 5/22/2025 | JS | 0 |
| test_protocol | winterisland0710 | 5/20/2025 | JS | 0 |
| Characters that end unencapsulated HTML attribute values | ola456 | 5/14/2025 | XSS | 0 |
| Unicode characters with a decomposition of 2+ ASCII characters and are registerable domains | 0x999-x | 5/7/2025 | XSS | 1 |
17 | URL scheme separator alternatives copyh | PinkDraconian | 5/6/2025 | JS | 0 |
| Characters allowed in the protocol that still resolve host name | hackvertor | 5/6/2025 | JS | 0 |
1 | Chars that can be used as opening bracket in innerHTML | nollium | 4/19/2025 | JS | 0 |
33 | Fuzzing for Max sanitized input (simplified) | vitorfhc | 4/7/2025 | XSS | 0 |
| test-id | made-pradipta_grabtaxi | 3/26/2025 | HTML | 0 |
1 1 | CSS inline property definition | hipotermia | 3/12/2025 | HTML | 0 |
1 1 | Characters that starts element name | lUcgryy | 3/10/2025 | HTML | 0 |
1 1 | Escape inline double quote | lUcgryy | 3/7/2025 | XSS | 0 |
4 | Characters allowed before the JavaScript protocol colon | RemakingEden | 3/3/2025 | XSS | 0 |