Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 57
ooooooo_q: 50
haxta4ok00: 49
jon_bottarini: 49
Now on Twitter: the unofficial HackerOne disclosure timeline.
HackerOne disclosed a bug submitted by haxta4ok00: Team object in GraphQL disclosed private_comment (10 Sep 2020)
Twitter disclosed a bug submitted by cyanpiny: Safe Redirect Bypass (10 Sep 2020)
Shipt disclosed a bug submitted by tester1231233: bypass the [OKTA] login redirect can lead to disclosing limited-information about the sub-domain at [ shiptsec.com ] (10 Sep 2020)
Razer disclosed a bug submitted by jackb898: THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com (10 Sep 2020)
Topcoder disclosed a bug submitted by mase289: SSRF at https://cognitive.topcoder.com leads to AWS instance metadata due to vulnerable email subscription feature (10 Sep 2020)
Smartsheet disclosed a bug submitted by soareswallace: Smartsheet employees email disclosure through endpoint after login. (09 Sep 2020)
GitLab disclosed a bug submitted by vakzz: Stored XSS in markdown when redacting references (09 Sep 2020)
GitLab disclosed a bug submitted by vakzz: Stored XSS on PyPi simple API endpoint (09 Sep 2020)
Valve disclosed a bug submitted by njbooher: Unauthorized updates to extended_info properties in /store/ajaxpackagesave (09 Sep 2020)
Valve disclosed a bug submitted by njbooher: Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge (09 Sep 2020)
Shopify disclosed a bug submitted by jaka_tingkir: damage to the timeline so that comment fields cannot be displayed or not available to all members in the store (09 Sep 2020)
Staging.every.org disclosed a bug submitted by bugra: Race Condition when following a user (09 Sep 2020)
InnoGames disclosed a bug submitted by rzx007x: Blind SQL Injection (08 Sep 2020)
GitLab disclosed a bug submitted by jackb898: EXIF metadata not stripped from JPG group logos (08 Sep 2020)
GitLab disclosed a bug submitted by vakzz: Injection of `http.<url>.*` git config settings leading to SSRF (08 Sep 2020)
GitLab disclosed a bug submitted by kryword: Members from parent group keep their access level on a subgroup transfer and are invisible (08 Sep 2020)
GitLab disclosed a bug submitted by lucash-dev: SSRF into Shared Runner, by replacing dockerd with malicious server in Executor (08 Sep 2020)
Stripo Inc disclosed a bug submitted by binit: No CSRF Protection in Resend Confirmation Email feature leads to Sending Unwanted Email in Victim's Inbox without knowing Victim's email address (08 Sep 2020)
Hanno's projects disclosed a bug submitted by dragonjar: [bugs.fuzzing-project.org] HTML Injection via 'custom_field_7[]' parameter in '/view_all_set.php' (08 Sep 2020)
Endless Hosting disclosed a bug submitted by pirneci: XSS on https://fax.pbx.itsendless.org/ (CVE-2017-18024) (07 Sep 2020)
BY DENIS WERNER - @NOBBD -