Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Gratipay disclosed a bug submitted by arslan1337: XSS found In Your Web (01 Oct 2017)
Gratipay disclosed a bug submitted by atom: protect against tabnabbing in statement (01 Oct 2017)
Twitter disclosed a bug submitted by bobrov: [dev.twitter.com] XSS and Open Redirect (29 Sep 2017)
Twitter disclosed a bug submitted by hassham: Sensitive Information Disclosure https://cards-dev.twitter.com (29 Sep 2017)
ExpressionEngine disclosed a bug submitted by hogarth45: Reflective XSS (29 Sep 2017)
Vimeo disclosed a bug submitted by koenrh: Disclosure of sensitive information through Google Cloud Storage bucket (29 Sep 2017)
Aspen disclosed a bug submitted by rey_7: Information leakage on django.aspen.io (29 Sep 2017)
Aspen disclosed a bug submitted by yumi: client_secret Token disclosure (28 Sep 2017)
Aspen disclosed a bug submitted by saikiran-10099: No Rate Limit (Leads to huge email flooding/email bombing) (28 Sep 2017)
Shopify disclosed a bug submitted by uzsunny: Shopify admin authentication bypass using partners.shopify.com (28 Sep 2017)
bitwarden disclosed a bug submitted by kenziy: Export vault feature is vulnerable to CSV injection (28 Sep 2017)
Ubiquiti Networks disclosed a bug submitted by inhibitor181: Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/ (28 Sep 2017)
Lyst disclosed a bug submitted by inhibitor181: CSRF - Adding unlimited number of saved items via GET request (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Downloading all attachements if having access to a shared link (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Deleting other user's reminders just by id (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Leaking other user's folder names from /appsuite/api/import?action=ICA (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Deleting other user's signature via /appsuite/api/snippet?action=update (although an error is thrown) (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: IDOR - Accessing other user's attachements via PUT /appsuite/api/files?action=saveAs (28 Sep 2017)
Open-Xchange disclosed a bug submitted by inhibitor181: RTLO character in file names (28 Sep 2017)
TTS Bug Bounty disclosed a bug submitted by sp1d3rs: Cross-Site Request Forgery on the Federalist API (all endpoints), using Flash file on the attacker's host (27 Sep 2017)
BY DENIS WERNER - @NOBBD