the unofficial HackerOne disclosure timeline.

X
b'Legal Robot' disclosed a bug submitted by b'princesinha' 
b'Profile fields validation bypass'
01 Sep 2017 timeline
b'Rockstar Games' disclosed a bug submitted by b'injexxsor' 
b'Reflected XSS via Double Encoding'
01 Sep 2017 timeline
b'Zomato' disclosed a bug submitted by b'b1t' 
b'Length extension attack leading to HTML injection'
01 Sep 2017 timeline
b'Legal Robot' disclosed a bug submitted by b'amir0ezat' 
b'clickjacking at http://mailboxes.legalrobot-uat.com/'
01 Sep 2017 timeline
b'RubyGems' disclosed a bug submitted by b'mame' 
b'No limit of summary length allows Denail of Service'
31 Aug 2017 timeline
b'RubyGems' disclosed a bug submitted by b'mame' 
b'Installing a crafted gem package may create or overwrite files'
31 Aug 2017 timeline
b'Brave Software' disclosed a bug submitted by b'mattaustin' 
b'URL Spoof / Brave Shield Bypass'
31 Aug 2017 timeline
b'Bookfresh' disclosed a bug submitted by b'stefanofindsbugs' 
b'Reflected XSS on www.bookfresh.com/index.html?view=upload_form'
31 Aug 2017 timeline
b'Vimeo' disclosed a bug submitted by b'stefanofindsbugs' 
b'Reflected XSS on vimeo.com/musicstore'
31 Aug 2017 timeline
b'Vimeo' disclosed a bug submitted by b'stefanofindsbugs' 
b'Stored XSS on player.vimeo.com'
31 Aug 2017 timeline
b'Vimeo' disclosed a bug submitted by b'stefanofindsbugs' 
b'XSS when using captions/subtitles on video player based on Flash (requires user interaction)'
31 Aug 2017 timeline
b'Vimeo' disclosed a bug submitted by b'stefanofindsbugs' 
b'XSS on vimeo.com | "Search within these results" feature (requires user interaction)'
31 Aug 2017 timeline
b'Vimeo' disclosed a bug submitted by b'stefanofindsbugs' 
b'XSS on vimeo.com/home after other user follows you'
31 Aug 2017 timeline
b'Vimeo' disclosed a bug submitted by b'stefanofindsbugs' 
b'XSS on player.vimeo.com without user interaction and vimeo.com with user interaction'
31 Aug 2017 timeline
b'Badoo' disclosed a bug submitted by b'stefanofindsbugs' 
b'Open redirect helps to steal Facebook access_token'
31 Aug 2017 timeline
b'Badoo' disclosed a bug submitted by b'stefanofindsbugs' 
b'crossdomain.xml too permissive on eu1.badoo.com, us1.badoo.com, etc.'
31 Aug 2017 timeline
b'Vimeo' disclosed a bug submitted by b'stefanofindsbugs' 
b'XSS on mobile version of vimeo.com where the button "Follow" appears'
31 Aug 2017 timeline
b'Weblate' disclosed a bug submitted by b'punkit' 
b'Improper Cookie expiration | Cookies Expiration Set to Future '
31 Aug 2017 timeline
b'Legal Robot' disclosed a bug submitted by b'gujjuboy10x00' 
b'No length limit in invite_code can cause server degradation'
31 Aug 2017 timeline
b'RubyGems' disclosed a bug submitted by b'claudijd' 
b'Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier'
30 Aug 2017 timeline
1 ... 543 544 545 546 547 ... 765
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM