| Properties that contain URLs | hackvertor | 5/31/2024 | JS | 2 |
| Characters that separate CSS properties | hackvertor | 4/2/2024 | HTML | 0 |
| Characters after strings | hackvertor | 4/3/2024 | JS | 0 |
| Characters allowed after malformed entities | hackvertor | 7/1/2024 | XSS | 0 |
| Characters that act like new line or single line comment | hackvertor | 4/13/2024 | JS | 0 |
| Entities allowed before slashes on a protocol relative URL | hackvertor | 7/6/2024 | JS | 0 |
| XSS vectors that execute automatically | hackvertor | 4/17/2024 | XSS | 0 |
| HTML elements that parse differently when rendered | hackvertor | 4/19/2024 | XSS | 1 |
| Entities allowed before function calls | hackvertor | 7/2/2024 | XSS | 0 |
| Entities allowed as JS variables | hackvertor | 7/2/2024 | XSS | 1 |
 661  662 | Characters that can be used as valid labels in JavaScript | hackvertor | 4/30/2024 | JS | 2 |
| Characters that act as attribute quotes | hackvertor | 5/28/2024 | XSS | 0 |
| Characters that act as quotes or whitespace | hackvertor | 4/13/2024 | HTML | 0 |
| Characters allowed in-between operators | hackvertor | 4/14/2024 | JS | 2 |
| All events on window | hackvertor | 5/31/2024 | JS | 1 |
| Tags that get reordered in the DOM | hackvertor | 1/21/2025 | XSS | 0 |
| Malformed HTML comments | hackvertor | 1/17/2025 | XSS | 0 |
| Characters allowed before slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 1 |
| Properties that leak the parent URL even when sandboxed | hackvertor | 6/6/2024 | JS | 0 |
| Tags that stop style | hackvertor | 4/9/2024 | HTML | 0 |
