| Characters allowed between an object and bracket notation | cold-try | 4/15/2024 | JS | 0 |
| Characters allowed between HTML attributes | 0x999-x | 4/10/2024 | XSS | 0 |
| Characters allowed between < and element | felipecaon | 5/6/2024 | HTML | 0 |
 5  5 | Characters allowed before the tag attribute and equals. | hansmach1ne | 4/30/2024 | HTML | 0 |
| Characters allowed before parentheses | hackvertor | 3/31/2024 | JS | 0 |
 25 | Characters allowed before optional chaining | hackvertor | 5/4/2024 | JS | 0 |
6 | Characters allowed before onerror events | hackvertor | 3/30/2024 | XSS | 0 |
| Characters allowed before javascript URL | ThomasOrlita | 4/15/2024 | JS | 0 |
| Characters allowed before event in attribute name using setAttribute | hackvertor | 8/21/2024 | JS | 0 |
5 5 | Characters allowed before CSS selectors | hackvertor | 7/15/2024 | XSS | 0 |
| Characters allowed at hostname | d0ge | 6/11/2024 | JS | 0 |
| Characters allowed at IPv6 but don't change the hostname | d0ge | 6/10/2024 | JS | 0 |
| Characters allowed as a class separator | hackvertor | 4/13/2024 | XSS | 0 |
29 | Characters allowed after the void operator | hackvertor | 4/30/2024 | JS | 0 |
| Characters allowed after parentheses | hackvertor | 4/1/2024 | JS | 0 |
25 25 | Characters allowed after optional chaining | hackvertor | 5/4/2024 | JS | 1 |
| Characters allowed after malformed entities | hackvertor | 7/1/2024 | XSS | 0 |
| Characters allowed after hostname but don't change the hostname | ThomasOrlita | 4/15/2024 | JS | 2 |
31 | Characters allowed after greater than in events | hackvertor | 6/21/2024 | XSS | 0 |
| Characters allowed after * in CSS comments | hackvertor | 3/31/2024 | HTML | 0 |
