Top10 publishers:
bobrov107 
sp1d3rs54 
jobert41 
bigbear_38 
bl4de37 
guido37 Twitter
isox36 
4lemon35 
geeknik35 
edio34 

the unofficial HackerOne disclosure timeline.

X
Hanno's projects disclosed a bug submitted by zophi 
Open redirect on the https://tt.hboeck.de
03 Mar 2019 timeline
GitLab disclosed a bug submitted by jobert 
Snippet JS template allows attacker to read a user's private snippets
03 Mar 2019 timeline
Urban Dictionary disclosed a bug submitted by red_assassin 
Users able to set video url for unpublished words and able to see the name of unpublished words
02 Mar 2019 timeline
Imgur disclosed a bug submitted by giddsec 
Stored XSS on imgur profile
02 Mar 2019 timeline
Twitter disclosed a bug submitted by mik317 
CSRF on https://www.niche.co leads to "account disconnection"
02 Mar 2019 timeline
Node.js third-party modules disclosed a bug submitted by skyn3t 
[glance] Access unlisted internal files/folders revealing sensitive information
28 Feb 2019 timeline
Twitter disclosed a bug submitted by healdb 
Takeover of Twitter-owned domain at mobileapplinking.com
28 Feb 2019 timeline
Twitter disclosed a bug submitted by mik317 
CSRF and probable account takeover on https://www.niche.co
28 Feb 2019 timeline
Mavenlink disclosed a bug submitted by tolo7010 
User uploaded portfolio files can be accessed by any user even after deleted
27 Feb 2019 timeline
Mavenlink disclosed a bug submitted by tolo7010 
CSRF Add user templates
27 Feb 2019 timeline
Instacart disclosed a bug submitted by tolo7010 
CSRF Trial 14 days express subscription
27 Feb 2019 timeline
Mail.ru disclosed a bug submitted by bagipro 
[Mail.Ru Android] Typo in permission name allows to write contacts without user knowledge
26 Feb 2019 timeline
Postmates disclosed a bug submitted by davidalbert 
Web cache poisoning attack leads to user information and more
26 Feb 2019 timeline
DuckDuckGo disclosed a bug submitted by mik317 
Partial bypass of #483774 with Blind XXE on https://duckduckgo.com
25 Feb 2019 timeline
InnoGames disclosed a bug submitted by wwshack 
Information disclosure via ".htaccess" at https://login.innogames.de
25 Feb 2019 timeline
VK.com disclosed a bug submitted by page1337 
Page replacement and redirect loop
24 Feb 2019 timeline
Gatecoin disclosed a bug submitted by p4fg 
API request signature can be reused with other parameters/data than the original in certain cases
23 Feb 2019 timeline
Slack disclosed a bug submitted by kiyell 
AWS bucket leading to iOS test build code and configuration exposure
23 Feb 2019 timeline
Slack disclosed a bug submitted by elber 
Bypass of the SSRF protection in Event Subscriptions parameter.
22 Feb 2019 timeline
Slack disclosed a bug submitted by elber 
SSRF in api.slack.com, using slash commands and bypassing the protections.
22 Feb 2019 timeline
1 2 3 4 5 ... 327
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM