Top10 publishers:
b'bobrov'117 
b'geeknik'80 
b'linkks'75 
b'jobert'70 
b'sp1d3rs'68 
b'someonenobbd'62 
b'nyymi'55 
b'jon_bottarini'49 
b'haxta4ok00'48 
b'netfuzzer'48 

the unofficial HackerOne disclosure timeline.

X
b'Shopify' disclosed a bug submitted by b'archangel' 
b"[h1-2102] [Oberlo] Least privileged user can cancel account owner's subscription via POST on /payments/subscribe "
17 Jan 2024 timeline
b'Nextcloud' disclosed a bug submitted by b'taise' 
b'Bruteforce protection in password verification can be bypassed'
17 Jan 2024 timeline
b'Nextcloud' disclosed a bug submitted by b'st0nzyy' 
b' Bypass password confirmation via Context-dependent access control (CDCA)'
17 Jan 2024 timeline
b'Nextcloud' disclosed a bug submitted by b'st0nzyy' 
b'Error when editing a calendar appointment returns stacktrace and query'
17 Jan 2024 timeline
b'inDrive' disclosed a bug submitted by b'cypher-28' 
b'SSRF in https://couriers.indrive.com/api/file-storage'
16 Jan 2024 timeline
b'HackerOne' disclosed a bug submitted by b'ahacker1' 
b'View Titles of Private Reports with pending email invitation'
16 Jan 2024 timeline
b'GitHub' disclosed a bug submitted by b'imrerad' 
b'Invite tokens have Insufficient entropy in GHES Management Console '
12 Jan 2024 timeline
b'GitHub' disclosed a bug submitted by b'inspector-ambitious' 
b"RC Between GitHub's Repo Transfer REST API and updateTeamsRepository GraphQL Mutation Results in Covert and Persistent Admin Access Retention"
12 Jan 2024 timeline
b'Mozilla Core Services' disclosed a bug submitted by b'callmed0_4' 
b'Internal Blind Server-Side Request Forgery (SSRF) allows scanning internal ports'
12 Jan 2024 timeline
b'TikTok' disclosed a bug submitted by b'ashrafabdelrazik' 
b'Reflected XSS On [https://www-useast1a.tiktok.com/ug/incentive/share/hd]'
12 Jan 2024 timeline
b'Mozilla Critical Services' disclosed a bug submitted by b'francisconeves97' 
b'Exposure of account recovery hint by querying by user email'
11 Jan 2024 timeline
b'LinkedIn' disclosed a bug submitted by b'find_me_here' 
b'Users can access exams in course without having to subscribe to PREMIUM'
10 Jan 2024 timeline
b'Nextcloud' disclosed a bug submitted by b'maholli' 
b'Blind SSRF in Mail App'
10 Jan 2024 timeline
b'TikTok' disclosed a bug submitted by b'ashrafabdelrazik' 
b'RXSS on TikTok endpoints'
09 Jan 2024 timeline
b'TikTok' disclosed a bug submitted by b'ashrafabdelrazik' 
b'RXSS via region parameter'
09 Jan 2024 timeline
b'Internet Bug Bounty' disclosed a bug submitted by b'0xt4req' 
b'CVE-2023-49920: Apache Airflow: Missing CSRF protection on DAG/trigger'
09 Jan 2024 timeline
b'Hyperledger' disclosed a bug submitted by b'yacovm' 
b'CVE-2023-46132'
08 Jan 2024 timeline
b'GitHub' disclosed a bug submitted by b'ahacker1' 
b'View Repo and Title of Any Private Check Run'
08 Jan 2024 timeline
b'GitHub' disclosed a bug submitted by b'imrerad' 
b'GHES Management console EoP (editor to site admin)'
08 Jan 2024 timeline
b'Ruby' disclosed a bug submitted by b'ooooooo_q' 
b'The taint flag is not propagated at JSON.parse'
05 Jan 2024 timeline
1 ... 8 9 10 11 12 ... 692
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM