| Characters allowed after malformed entities | hackvertor | 7/1/2024 | XSS | 0 |
| List of HTML elements that convert to arbitrary string | joaxcar | 4/10/2024 | XSS | 0 |
| Characters allowed before javascript URL | ThomasOrlita | 4/15/2024 | JS | 0 |
| Characters allowed to end a JS string | sqjor | 7/17/2024 | JS | 0 |
| test | 0x999-x | 4/10/2024 | JS | 0 |
| XSS vectors that execute automatically | hackvertor | 4/17/2024 | XSS | 0 |
 25 | Valid characters between function and parenthesis | felipecaon | 5/6/2024 | JS | 0 |
| Entities allowed before slashes on a protocol relative URL | hackvertor | 7/6/2024 | JS | 0 |
14 | Active formatting elements | JorianWoltjer | 5/1/2024 | XSS | 0 |
| Mutated XSS with img onerror | sqjor | 7/30/2024 | XSS | 0 |
31 | Characters appended at the end of TLD within URL, which yield in the same host property | InsertScript | 1/10/2025 | JS | 0 |
 1 | Characters that can be between < and script> | m10x | 11/12/2024 | HTML | 0 |
| Characters allowed between < and element | felipecaon | 5/6/2024 | HTML | 0 |
1 | Characters that can break out of an inline style with single quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
| Characters that act as quotes or whitespace | hackvertor | 4/13/2024 | HTML | 0 |
24 | Characters that can be used in eval to write code in between | m-boll | 5/12/2024 | JS | 0 |
 1 1 | XSS vectors that execute automatically inside svg | hackvertor | 4/17/2024 | XSS | 0 |
| Characters ignored in strings when doing a non strict comparison | hackvertor | 6/18/2024 | JS | 0 |
| Characters that act as parentheses | hackvertor | 6/24/2024 | JS | 0 |
6 | Characters allowed before onerror events | hackvertor | 3/30/2024 | XSS | 0 |
