Top10 publishers:
bobrov60 
isox36 
4lemon34 
zombiehelp5430 Twitter
ston327 
smiegles27 Twitter
shahmeer_amir26 
jobert26 
haquaman26 
guido26 Twitter

the unofficial HackerOne disclosure timeline.

X
WakaTime disclosed a bug submitted by footstep 
Email Injection through Password Reset
20 Jul 2017 timeline
Legal Robot disclosed a bug submitted by mostafamamdoh 
Token leakage by referrer
19 Jul 2017 timeline
Shopify disclosed a bug submitted by inhibitor181 
IDOR [partners.shopify.com] - User with ONLY Manage apps permission is able to get shops info and staff names from inside the shop
19 Jul 2017 timeline
Zomato disclosed a bug submitted by kuroi-sh 
SQL Injection, exploitable in boolean mode
19 Jul 2017 timeline
Zomato disclosed a bug submitted by gerben_javado 
[?????????] Hardcoded credentials in Android App
19 Jul 2017 timeline
Legal Robot disclosed a bug submitted by brdoors4 
Non-functional 2FA recovery codes
19 Jul 2017 timeline
Mixmax disclosed a bug submitted by encrypt 
Blind SSRF due to img tag injection in career form
19 Jul 2017 timeline
Legal Robot disclosed a bug submitted by zk34911 
Users with 2FA can have multiple sessions
19 Jul 2017 timeline
ThisData disclosed a bug submitted by pabster 
Insecure Cache-Control Leading to API key Retrieval
18 Jul 2017 timeline
Mixmax disclosed a bug submitted by cablej Twitter
SSRF via webhook
18 Jul 2017 timeline
Legal Robot disclosed a bug submitted by babayaga_ 
Intercom chat session information persists after logout
18 Jul 2017 timeline
WakaTime disclosed a bug submitted by 3thic4l 
No rate limit on creating private leaderboards.
18 Jul 2017 timeline
Legal Robot disclosed a bug submitted by fletcherr 
User enumeration
18 Jul 2017 timeline
WordPress disclosed a bug submitted by skansing 
Wordpress 4.7.2 - Two XSS in Media Upload when file too large.
17 Jul 2017 timeline
WordPress disclosed a bug submitted by skansing 
Infrastructure - Photon - SSRF
17 Jul 2017 timeline
Slack disclosed a bug submitted by bagipro 
Access of Android protected components via embedded intent
17 Jul 2017 timeline
Legal Robot disclosed a bug submitted by todayisnew 
Domain takeover (legalrobot.co.za)
17 Jul 2017 timeline
Rockstar Games disclosed a bug submitted by netfuzzer 
XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js
17 Jul 2017 timeline
Mail.Ru disclosed a bug submitted by haxta4ok00 
????? basic ??????????? [qpt.mail.ru]
17 Jul 2017 timeline
1 2 3 ... 208
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM