Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
haxta4ok00: 49
jon_bottarini: 49
The unofficial HackerOne disclosure timeline.
Starbucks
disclosed a bug submitted by
darwinks
CSRF in Report Lost or Stolen Page https://www.starbucks.com/account/card
25 Sep 2017
Rockstar Games
disclosed a bug submitted by
nahamsec
Reflected XSS in /Videos/ via calling a callback http://www.rockstargames.com/videos/#/?lb=
25 Sep 2017
Rockstar Games
disclosed a bug submitted by
nahamsec
Reflected XSS in reddeadredemption Site located at www.rockstargames.com/reddeadredemption
25 Sep 2017
Ruby
disclosed a bug submitted by
ahmadsherif
Arbitrary heap exposure in JSON.generate
25 Sep 2017
Unikrn
disclosed a bug submitted by
nitesculucian
Improper validation at Phone verification (possible cost increase + SMS SPAM attack)
24 Sep 2017
Legal Robot
disclosed a bug submitted by
vishnuprasad
2FA manual entry uses wrong encoding
24 Sep 2017
Ruby
disclosed a bug submitted by
haquaman
Ruby 2.4.1 has "Stack consistency error" and aborts when processing return statement within a case statement
24 Sep 2017
Slack
disclosed a bug submitted by
co3k
The Custom Emoji Page has a Reflected XSS
24 Sep 2017
Mixmax
disclosed a bug submitted by
aliashber1
app.mixmax.com Information Disclosure on cal.mixmax.com and Not Signing out after Removing information grant access from Google
24 Sep 2017
Starbucks
disclosed a bug submitted by
ven0ms
Possible SOP bypass in www.starbucks.com due to insecure crossdomain.xml
23 Sep 2017
Legal Robot
disclosed a bug submitted by
pahan123
Missing homograph filter character
22 Sep 2017
Shopify
disclosed a bug submitted by
floyd
SVG Server Side Request Forgery (SSRF)
22 Sep 2017
Ruby
disclosed a bug submitted by
aerodudrizzt
sprintf combined format string attack
22 Sep 2017
Pornhub
disclosed a bug submitted by
cyber-guard
Unsecured Elasticsearch Instance
21 Sep 2017
The Internet
disclosed a bug submitted by
joernchen
RCE via ssh:// URIs in multiple VCS
21 Sep 2017
GitLab
disclosed a bug submitted by
rpearl
all private tokens are leaked to an unauthenticated attacker
21 Sep 2017
Legal Robot
disclosed a bug submitted by
ihusnain49
Password Complexity
21 Sep 2017
Whisper
disclosed a bug submitted by
hackedbrain
Open Redirection Found in users.whisper.sh
21 Sep 2017
Zendesk
disclosed a bug submitted by
intidc
Twitter SSO allows unverified e-mail registration, leads to Slack and social media hijacks
21 Sep 2017
GitLab
disclosed a bug submitted by
intidc
Access to GitLab's Slack by abusing issue creation from e-mail
21 Sep 2017
BY DENIS WERNER - @NOBBD