Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 57
ooooooo_q: 50
haxta4ok00: 49
jon_bottarini: 49
The unofficial HackerOne disclosure timeline.
Mail.ru disclosed a bug submitted by risinghunter: OTP bypass on user account deletion (27 Oct 2020)
Evernote disclosed a bug submitted by kaulse: Non-production Open Database In Combination With XXE Leads To SSRF (27 Oct 2020)
Mail.ru disclosed a bug submitted by magzhan: Cross-site Scripting (XSS) - DOM on https://account.mail.ru/user/garage?back_url=https://mail.ru (27 Oct 2020)
Node.js third-party modules disclosed a bug submitted by johnssimon007: [nested-property] Prototype Pollution (27 Oct 2020)
NordVPN disclosed a bug submitted by n33dm0n3y: Password Reset Link not expiring after changing the email Leads To Account Takeover (27 Oct 2020)
Node.js third-party modules disclosed a bug submitted by ryotak: [http-live-simulator] Application-level DoS (27 Oct 2020)
Node.js third-party modules disclosed a bug submitted by mik317: [create-git] RCE via insecure command formatting (26 Oct 2020)
Yelp disclosed a bug submitted by parzel: X-Forward-For Header allows to bypass access restrictions (26 Oct 2020)
8x8 disclosed a bug submitted by melbadry9: Open Redirect on [blog.wavecell.com] (26 Oct 2020)
Twitter disclosed a bug submitted by keer0k: XSS via referrer parameter (26 Oct 2020)
Twitter disclosed a bug submitted by gokay: Twitter Media Studio Source Information Disclosure With Analyst Role (26 Oct 2020)
Mail.ru disclosed a bug submitted by artebels: Insufficient limitation of web page title leads to DoS against ICQ for Android (24 Oct 2020)
Kartpay disclosed a bug submitted by abhhi: Admin/Info lekage (24 Oct 2020)
Curve disclosed a bug submitted by praseudo7: Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us (23 Oct 2020)
Shopify disclosed a bug submitted by cforu: authenticity token not verfied leads to change business name (23 Oct 2020)
DRIVE.NET, Inc. disclosed a bug submitted by what_web: [www.drive2.ru] Insufficient Security Configurability - The user's can set an existing password as a new password. (23 Oct 2020)
DRIVE.NET, Inc. disclosed a bug submitted by what_web: [www.drive2.ru] Insufficient Security Configurability - The user can using the same password as your current ID. (23 Oct 2020)
DRIVE.NET, Inc. disclosed a bug submitted by what_web: [www.drive2.ru] Insufficient Security Configurability - Notification message not sent when account is deleted (23 Oct 2020)
DRIVE.NET, Inc. disclosed a bug submitted by what_web: [www.drive2.ru] Insufficient Security Configurability - Notification email is not sent when email is changed. (23 Oct 2020)
Shopify disclosed a bug submitted by ash_nz: Undocumented `fileCopy` GraphQL API (22 Oct 2020)
BY DENIS WERNER - @NOBBD