Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 58
ooooooo_q: 52
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.

Slack disclosed a bug submitted by shell_c0de
Private application files can be uploaded to Slack via malicious uploader
04 Aug 2021

HackerOne disclosed a bug submitted by brdoors3
Information disclosure - Feedback is accessible on Public profile even after 'disallowed' at https://hackerone.com/settings/feedback
03 Aug 2021

Elastic disclosed a bug submitted by superman85
[Swiftype] - Stored XSS via document field `url` triggers on `https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>`
03 Aug 2021

Elastic disclosed a bug submitted by superman85
Improper authorization on `/api/as/v1/credentials/` for Dev Role User with Limited Engine Access
03 Aug 2021

Informatica disclosed a bug submitted by montypythin
Improper Sanitization leads to XSS Fire on admin panel
03 Aug 2021

GitHub Security Lab disclosed a bug submitted by artem
Java: Unsafe deserialization with Jackson
02 Aug 2021

GitHub Security Lab disclosed a bug submitted by someonenobbd
[Java] CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
02 Aug 2021

GitHub Security Lab disclosed a bug submitted by jorgectf
[Python] CWE-287: LDAP Improper Authentication
02 Aug 2021

GitHub Security Lab disclosed a bug submitted by someonenobbd
[Python]: Add SqlAlchemy support for SQL injection query
02 Aug 2021

GitHub Security Lab disclosed a bug submitted by p0wn4j
[Java] CWE-601: Add Spring URL Redirect ResponseEntity sink
02 Aug 2021

GitLab disclosed a bug submitted by az3z3l
CSRF on /api/graphql allows executing mutations through GET requests
02 Aug 2021

Bitwarden disclosed a bug submitted by jjlin
When uploading attachments, unencrypted file names are made available to the server
02 Aug 2021

Sifchain disclosed a bug submitted by n33dm0n3y
Vulnerable javascript dependency at Main domain
02 Aug 2021

Nextcloud disclosed a bug submitted by abdullah-a
Two-factor authentication enforcement bypass
31 Jul 2021

Rocket.Chat disclosed a bug submitted by sonarsource
Post-Auth Blind NoSQL Injection in the users.list API leads to Remote Code Execution
31 Jul 2021

Snapchat disclosed a bug submitted by rms
Bitmoji source code is accessible
31 Jul 2021

UPchieve disclosed a bug submitted by ben_lay
url redirection
30 Jul 2021

8x8 disclosed a bug submitted by melbadry9
DNS Misconfiguration (Subdomain Takeover) - .8x8.com
30 Jul 2021

Stripo Inc disclosed a bug submitted by jmrcsnchz
Bypassing Content-Security-Policy leads to open-redirect and iframe xss
30 Jul 2021

Snapchat disclosed a bug submitted by txt3rob
Exposed Kubernetes API - RCE/Exposed Creds
29 Jul 2021

BY DENIS WERNER - @NOBBD