Top10 publishers:
bobrov70 
sp1d3rs52 
bigbear_38 
isox36 
guido36 Twitter
edio34 
4lemon34 
jobert32 
geeknik31 
zombiehelp5431 Twitter

the unofficial HackerOne disclosure timeline.

X
Reverb.com disclosed a bug submitted by albatraoz 
Api token exposed in Reverb.com's public github repository
16 May 2018 timeline
Mail.Ru disclosed a bug submitted by s_p_q_r 
[e.mail.ru] XSS ?? ???????? ???????? ????????? ????????
16 May 2018 timeline
Data Processing (IBB) disclosed a bug submitted by geeknik 
Out of bounds read in libcurl's IMAP FETCH response parser
16 May 2018 timeline
Data Processing (IBB) disclosed a bug submitted by geeknik 
CVE-2017-1000101: cURL: URL globbing out of bounds read
16 May 2018 timeline
Data Processing (IBB) disclosed a bug submitted by geeknik 
heap-buffer-overflow (buffer read overrun) in curl: ourWriteOut() src/tool_writeout.c:115
16 May 2018 timeline
Shopify disclosed a bug submitted by flashdisk 
ability to install paid themes for free
16 May 2018 timeline
Reverb.com disclosed a bug submitted by apapedulimu 
Bypassing CSRF Token On Reply Message & Send Message
15 May 2018 timeline
Vimeo disclosed a bug submitted by bugdiscloseguys 
Improper Authentication in Vimeo's API 'versions' endpoint.
15 May 2018 timeline
Node.js third-party modules disclosed a bug submitted by ronperris 
The react-marked-markdown module allows XSS injection in href values.
13 May 2018 timeline
Node.js third-party modules disclosed a bug submitted by chalker 
`base64-url` below 2.0 allocates uninitialized Buffers when number is passed in input
12 May 2018 timeline
Node.js third-party modules disclosed a bug submitted by chalker 
`sql` does not properly escape parameters when building SQL queries, resulting in potential SQLi
12 May 2018 timeline
Node.js third-party modules disclosed a bug submitted by chalker 
`npmconf` (and `npm` js api) allocate and write to disk uninitialized memory content when a typed number is passed as input on Node.js 4.x
12 May 2018 timeline
VK.com disclosed a bug submitted by trainzment 
????????? ?????????? ? ??????? ?????? ??? ??????????
12 May 2018 timeline
HackerOne disclosed a bug submitted by haxta4ok00 
Team object in GraphQL disclosed total number of whitelisted hackers
12 May 2018 timeline
Node.js third-party modules disclosed a bug submitted by chalker 
`byte` allocates uninitialized buffers and reads data from them past the initialized length
11 May 2018 timeline
Node.js third-party modules disclosed a bug submitted by chalker 
`base64url` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below
11 May 2018 timeline
Node.js third-party modules disclosed a bug submitted by chalker 
`macaddress` concatenates unsanitized input into exec() command
11 May 2018 timeline
Node.js third-party modules disclosed a bug submitted by chalker 
`command-exists` concatenates unsanitized input into exec()/execSync() commands
11 May 2018 timeline
Twitter disclosed a bug submitted by lukeberner 
ms5 debug page exposing internal info (internal IPs, headers)
11 May 2018 timeline
Mail.Ru disclosed a bug submitted by xawdxawdx 
CSRF ?? calendar.mail.ru
11 May 2018 timeline
1 2 3 4 5 ... 279
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM