Top10 publishers:
bobrov117 
linkks75 
geeknik75 
sp1d3rs66 
jobert60 
jon_bottarini48 
ryat47 
netfuzzer47 
guido45 Twitter
bl4de42 

the unofficial HackerOne disclosure timeline.

X
Lark Technologies disclosed a bug submitted by imran_nisar 
Stealing app credentials by reflected xss on Lark Suite
26 Feb 2021 timeline
Uber disclosed a bug submitted by apolo2 
Thumbor misconfiguration at blogapi.uber.com can lead to DoS
25 Feb 2021 timeline
Uber disclosed a bug submitted by mariogomez1 
stack trace exposed on https://receipts.uber.com/
25 Feb 2021 timeline
Uber disclosed a bug submitted by corb3nik 
[First 30] Stored XSS on login.uber.com/oauth/v2/authorize via redirect_uri parameter
25 Feb 2021 timeline
Uber disclosed a bug submitted by corb3nik 
Stored XSS on auth.uber.com/oauth/v2/authorize via redirect_uri parameter leads to Account Takeover
25 Feb 2021 timeline
Uber disclosed a bug submitted by healdb 
Outdated Wordpress installation and plugins at www.uberxgermany.com create CSRF and XSS vulnerabilities
25 Feb 2021 timeline
Uber disclosed a bug submitted by tomnomnom 
[Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo
25 Feb 2021 timeline
Uber disclosed a bug submitted by fawazxq 
Disclosure of Co-Rider user (Uber-pooling) profile picture at Amazon AWS Cloudfront within HTTP RESPONSE
25 Feb 2021 timeline
Uber disclosed a bug submitted by phwd 
Listing of email addresses of whitelisted business users visible at business.uber.com
25 Feb 2021 timeline
Uber disclosed a bug submitted by rijalrojan 
Uber employees are sharing information on productforums.google.com
25 Feb 2021 timeline
Uber disclosed a bug submitted by 0xd0m7 
[usuppliers.uber.com] - Server Side Request Forgery via XXE OOB
25 Feb 2021 timeline
Uber disclosed a bug submitted by orange 
Arbitrary File Reading on Uber SSL VPN
25 Feb 2021 timeline
Weblate disclosed a bug submitted by anotherhoax 
Race Condition allows to get more free trials and get more than 100 languages and strings for free
25 Feb 2021 timeline
CS Money disclosed a bug submitted by gatolouco 
Cookie poisoning leads to DOS and Privacy Violation
25 Feb 2021 timeline
Dropbox disclosed a bug submitted by cybxis 
`account_info.read` scope OAuth app access token can change token owner's account name.
25 Feb 2021 timeline
Automattic disclosed a bug submitted by telaviv_h4x0r 
information disclosure lead to disclose users private notes
25 Feb 2021 timeline
FetLife disclosed a bug submitted by kapkan 
Stored XSS via `Create a Fetish` section.
25 Feb 2021 timeline
Logitech disclosed a bug submitted by nrockhouse 
SSRF allows reading AWS EC2 metadata using "readapi" variable in Streamlabs Cloudbot
24 Feb 2021 timeline
Shopify disclosed a bug submitted by todayisnew 
Subdomain Takeover Via unclaimed Heroku Instance tim-exclusive.shopify.com
24 Feb 2021 timeline
1 2 3 ... 519
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM