Top10 publishers:
bobrov114 
linkks73 
geeknik71 
sp1d3rs62 
jobert52 
guido45 Twitter
bl4de42 
ryat40 
bigbear_38 
zombiehelp5437 Twitter

the unofficial HackerOne disclosure timeline.

X
Endless Hosting disclosed a bug submitted by gr3yc4t26 
CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS
12 Feb 2020 timeline
Yelp disclosed a bug submitted by md15ev 
No rate limiting for confirmation email lead to email flooding
11 Feb 2020 timeline
Starbucks disclosed a bug submitted by nnez 
Thailand - Insecure Direct Object Reference permits an unauthorized user to transfer funds from a victim using only the victims Starbucks card
11 Feb 2020 timeline
HackerOne disclosed a bug submitted by haxta4ok00 
Unauthorized user can obtain `report_sources` attribute through Team GraphQL object
10 Feb 2020 timeline
VLC (European Commission - DIG disclosed a bug submitted by qrayn 
VLC 4.0.0 - Stack Buffer Overflow (SEH)
10 Feb 2020 timeline
Localize disclosed a bug submitted by zerboa 
2-factor authentication can be disabled when logged in without confirming account password
10 Feb 2020 timeline
Stripo Inc disclosed a bug submitted by qotoz 
csrf bypass using flash file + 307 redirect method at plugins endpoint
10 Feb 2020 timeline
Stripo Inc disclosed a bug submitted by anais 
Able to download any hosted content on AWS S3 bucket(stripo)
10 Feb 2020 timeline
Nextcloud disclosed a bug submitted by whitehattushu 
No session logout after changing password & alsoandroid sessions not shown in sessions list so they can be deleted
09 Feb 2020 timeline
NordVPN disclosed a bug submitted by th3pr0xyb0y 
No Rate Limit On Forgot Password Page Of NordVPN
08 Feb 2020 timeline
TTS Bug Bounty disclosed a bug submitted by johnh4x0r 
Content injection via URL parameter.
08 Feb 2020 timeline
Twitter disclosed a bug submitted by jayesh25 
Bypass Password Authentication for updating email and phone number - Security Vulnerability
08 Feb 2020 timeline
Infogram disclosed a bug submitted by 4m4n 
Bypass to report #280389 [Thinking The issue is not fixed Yet]
07 Feb 2020 timeline
Redtube disclosed a bug submitted by johndoe1492 
Blind XSS in redtube administering site my.reflected.net
07 Feb 2020 timeline
Node.js third-party modules disclosed a bug submitted by ermilov 
[script-manager] Unintended require
07 Feb 2020 timeline
Node.js third-party modules disclosed a bug submitted by ermilov 
[jsreport] Remote Code Execution
07 Feb 2020 timeline
Localize disclosed a bug submitted by harr2 
The password limit is not set, [DoS].
06 Feb 2020 timeline
Localize disclosed a bug submitted by moodiabdoul3 
Stored XSS in Name of Team Member Invitation
06 Feb 2020 timeline
Node.js disclosed a bug submitted by rogierschouten 
Remotely trigger an assertion on a TLS server with a malformed certificate string
06 Feb 2020 timeline
Localize disclosed a bug submitted by hckit_02 
Nginx version is disclosed in HTTP response
06 Feb 2020 timeline
1 2 3 4 5 ... 406
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM