Top10 publishers:
bobrov68 
sp1d3rs52 
bigbear_37 
isox36 
guido36 Twitter
edio34 
4lemon34 
zombiehelp5431 Twitter
ysx28 
haquaman27 

the unofficial HackerOne disclosure timeline.

X
Ruby on Rails disclosed a bug submitted by jcoyne 
Nested attributes reject_if proc can be circumvented by providing "_destroy" parameter
12 Feb 2016 timeline
Ruby on Rails disclosed a bug submitted by backus 
Validation bypass for Active Record and Active Model
12 Feb 2016 timeline
Khan Academy disclosed a bug submitted by benmassaoud 
XSS vulnerability in "/coach/roster/" ( create your first class)
12 Feb 2016 timeline
Gratipay disclosed a bug submitted by prince 
grtp.co is vulnerable to http-vuln-cve2011-3192
12 Feb 2016 timeline
Caviar disclosed a bug submitted by cliffordtrigo Twitter
Remotely modifying courier Account Details
11 Feb 2016 timeline
Mail.Ru disclosed a bug submitted by konqi 
[allods.my.com] SSRF / XSPA
11 Feb 2016 timeline
ownCloud disclosed a bug submitted by arover7 
otrs.owncloud.com: Reflected Cross-Site Scripting
10 Feb 2016 timeline
Vimeo disclosed a bug submitted by sintheticlabs 
Legacy API exposes private video titles
10 Feb 2016 timeline
Paragon Initiative Enterprises disclosed a bug submitted by karthic 
Missing SPF for https://paragonie.com/
08 Feb 2016 timeline
Keybase disclosed a bug submitted by saeedhashem 
Content spoofing due to the improper behavior of the not-found meesage
08 Feb 2016 timeline
Coinbase disclosed a bug submitted by paulos_ Twitter
OAuth authorization page vulnerable to clickjacking
07 Feb 2016 timeline
Udemy disclosed a bug submitted by shekhar93 
information disclosure
07 Feb 2016 timeline
Paragon Initiative Enterprises disclosed a bug submitted by hat_mast3r 
Open-redirect on paragonie.com
07 Feb 2016 timeline
ownCloud disclosed a bug submitted by 00day 
Self-XSS in mails sent by hello@owncloud.com
06 Feb 2016 timeline
ownCloud disclosed a bug submitted by ishahriyar 
Mixed Active Scripting Issue on stats.owncloud.org
06 Feb 2016 timeline
Keybase disclosed a bug submitted by ahmed_abdalla 
Remote Server Restart Lead to Denial of Server by only one Request.
06 Feb 2016 timeline
ownCloud disclosed a bug submitted by ashesh 
s2.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability
05 Feb 2016 timeline
ownCloud disclosed a bug submitted by c0ldb00t3r 
*.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers
05 Feb 2016 timeline
Binary.com disclosed a bug submitted by heracles 
Full takeover of some binary.com sub domains
05 Feb 2016 timeline
Shopify disclosed a bug submitted by sergeym 
many xss in widgets.shopifyapps.com
04 Feb 2016 timeline
1 ... 196 197 198 199 200 ... 272
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM