Top10 publishers:
bobrov70 
sp1d3rs52 
bigbear_38 
bl4de37 
guido37 Twitter
isox36 
edio34 
4lemon34 
geeknik33 
jobert33 

the unofficial HackerOne disclosure timeline.

X
BOHEMIA INTERACTIVE a.s. disclosed a bug submitted by ethancruize 
Stealing Users OAUTH Tokens via redirect_uri
14 Sep 2018 timeline
Dropbox disclosed a bug submitted by todayisnew 
Exposed Git Repo at http://fileserver.dropboxbusiness.com
14 Sep 2018 timeline
Shipt disclosed a bug submitted by s3cur3 
Any user can completely delete their own account without authorization and/or going through any kind of membership cancellation protocol.
12 Sep 2018 timeline
OV-chipkaart disclosed a bug submitted by bandjes 
Personal data of all Dutch public transport cards ("OV-Chipkaart") accessible
11 Sep 2018 timeline
HubSpot disclosed a bug submitted by m7mdharoun 
Reflected XSS and Server Side Template Injection in all HubSpot CMSes
11 Sep 2018 timeline
Grabtaxi Holdings Pte Ltd disclosed a bug submitted by xsam 
Leaking sensitive information on Github lead full access to all Grab Slack channels
11 Sep 2018 timeline
Zomato disclosed a bug submitted by gerben_javado 
[www.zomato.com] SQLi - /php/?????????? - item_id
11 Sep 2018 timeline
Zomato disclosed a bug submitted by shivasurya 
Phishing user to download malicious app could lead to leakage of User Access Token, Email, Name and Profile photo via exported RemoteService
11 Sep 2018 timeline
Node.js third-party modules disclosed a bug submitted by becojo 
[express-cart] Customer and admin email enumeration through MongoDB injection
10 Sep 2018 timeline
Ubiquiti Networks disclosed a bug submitted by smiegles Twitter
Public Jenkins instance with /script enabled
10 Sep 2018 timeline
Weblate disclosed a bug submitted by str33 
Open port leads to information disclosure
10 Sep 2018 timeline
LocalTapiola disclosed a bug submitted by lovepakistan 
User Information Disclosure via the REST API - /?_method=GET
10 Sep 2018 timeline
LocalTapiola disclosed a bug submitted by lovepakistan 
F5 BigIP Backend Cookie Disclosure
10 Sep 2018 timeline
LocalTapiola disclosed a bug submitted by linkks 
WordPress username enumeration (/author)
09 Sep 2018 timeline
Mavenlink disclosed a bug submitted by rashedhasan007 
Participation of expired account holders in Projects can occure financial loss to Mavenlink
09 Sep 2018 timeline
Informatica disclosed a bug submitted by panckazzz 
Reflected XSS
09 Sep 2018 timeline
Node.js third-party modules disclosed a bug submitted by douglas_hall 
[ascii-art] Command injection
08 Sep 2018 timeline
Reverb.com disclosed a bug submitted by kiyell 
XSS in buying and selling pages, can created spoofed content (false login message)
08 Sep 2018 timeline
Reverb.com disclosed a bug submitted by kiyell 
XSS in main search, use class tag to imitate Reverb.com core functionality, create false login window
08 Sep 2018 timeline
Node.js third-party modules disclosed a bug submitted by cris_semmle 
Command Injection is ps Package
07 Sep 2018 timeline
1 2 3 4 5 ... 299
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM