Top10 publishers:
bobrov107 
sp1d3rs54 
jobert44 
bl4de39 
bigbear_38 
guido37 Twitter
isox36 
geeknik35 
4lemon35 
edio34 

the unofficial HackerOne disclosure timeline.

X
Monero disclosed a bug submitted by organdonor1 
RingCT malformed tx prevents target from being able to sweep balance
20 Apr 2019 timeline
GitLab disclosed a bug submitted by jobert 
JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions
20 Apr 2019 timeline
concrete5 disclosed a bug submitted by hexife 
SVG file that HTML Included is able to upload via File Manager
20 Apr 2019 timeline
HackerOne disclosed a bug submitted by constructor2019 
Homograph attack in escalate report
19 Apr 2019 timeline
Twitter disclosed a bug submitted by terjanq 
Protected tweets exposure through the URL
19 Apr 2019 timeline
GitLab disclosed a bug submitted by rijalrojan 
Full access to internal Gitlab instances at redash.gitlab.com, dashboards.gitlab.com, prometheus.gitlab.com
19 Apr 2019 timeline
Shopify disclosed a bug submitted by filedescriptor 
H1514 DOMXSS on Embedded SDK via Shopify.API.setWindowLocation abusing cookie Stuffing
17 Apr 2019 timeline
Nextcloud disclosed a bug submitted by foobar7 
Talk / spreed: Disclosure of Room names and participants for password protected rooms
17 Apr 2019 timeline
Central Security Project disclosed a bug submitted by amassey 
c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration
16 Apr 2019 timeline
Zomato disclosed a bug submitted by pasw 
[api.zomato.com] Able to manipulate order amount
16 Apr 2019 timeline
Zomato disclosed a bug submitted by vipinbihari 
Bypassing the SMS sending limit for download app link.
16 Apr 2019 timeline
Zomato disclosed a bug submitted by vipinbihari 
Sending Unlimited Emails to anyone from zomato mail server.
16 Apr 2019 timeline
Razer US disclosed a bug submitted by abdilahrf_ 
Jenkins instance exposed without authentication
15 Apr 2019 timeline
Lob disclosed a bug submitted by ghostin 
Discloser of Internal Ip address
15 Apr 2019 timeline
Ed disclosed a bug submitted by drstache 
securitytemplate.site domain hijack
15 Apr 2019 timeline
Automattic disclosed a bug submitted by bugraeskici 
No Rate Limit on CrowdSignal Polls when Adding Comment
13 Apr 2019 timeline
GitLab disclosed a bug submitted by plazmaz 
SSRF in CI after first run
12 Apr 2019 timeline
HackerOne disclosed a bug submitted by kusl 
Previous attachments can be referenced when creating a new report
12 Apr 2019 timeline
SEMrush disclosed a bug submitted by memon 
Web cache deception attack - expose earning state information
12 Apr 2019 timeline
1 2 3 ... 333
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM