Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 80
linkks: 75
jobert: 70
someonenobbd: 62
nyymi: 57
ooooooo_q: 50
haxta4ok00: 49
jon_bottarini: 49
The unofficial HackerOne disclosure timeline.
Node.js third-party modules disclosed a bug submitted by bp0lr: [sirloin] Web Server Directory Traversal via Crafted GET Request (30 Aug 2020)
Shopify disclosed a bug submitted by zerox4: XSS Stored via Upload avatar PNG [HTML] File in accounts.shopify.com (30 Aug 2020)
WakaTime disclosed a bug submitted by hy76t56f565: Private leaderboard owner email disclosure when sending invites (28 Aug 2020)
Slack disclosed a bug submitted by oskarsv: Remote Code Execution in Slack desktop apps + bonus (28 Aug 2020)
WordPress disclosed a bug submitted by kahoots: XSS via unicode characters in upload filename (28 Aug 2020)
Qulture.Rocks disclosed a bug submitted by wisp: XSS from arbitrary attachment upload. (28 Aug 2020)
Shopify disclosed a bug submitted by saltymermaid: Ability to publish a paid theme without purchasing it. (27 Aug 2020)
Shopify disclosed a bug submitted by saltymermaid: Ability to publish a paid theme without purchasing it. (27 Aug 2020)
Khan Academy disclosed a bug submitted by demonia: CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files (27 Aug 2020)
Ruby on Rails disclosed a bug submitted by jregele: The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes (27 Aug 2020)
Node.js third-party modules disclosed a bug submitted by phra: notevil - Sandbox Escape Lead to RCE on Node.js and XSS in the Browser (27 Aug 2020)
Node.js third-party modules disclosed a bug submitted by chalker: [bl] Uninitialized memory exposure via negative .consume() (27 Aug 2020)
Open-Xchange disclosed a bug submitted by catenacyber: Failed assert in `mail_index_transaction_lookup` (27 Aug 2020)
Open-Xchange disclosed a bug submitted by catenacyber: Assert failed in `edit_mail_istream_read` (27 Aug 2020)
Open-Xchange disclosed a bug submitted by catenacyber: Null dereference in `cmd_denotify_operation_execute` (27 Aug 2020)
Visma Public disclosed a bug submitted by 4mat: Stored XSS in eaccounting.stage.vismaonline.com (27 Aug 2020)
HackerOne disclosed a bug submitted by 0619: Graphql: Sorting the reports by jira_status field resulted to different value (27 Aug 2020)
GitLab disclosed a bug submitted by rioncool22: Stored XSS in "Create Groups" (26 Aug 2020)
GitLab disclosed a bug submitted by u3mur4: An attacker can run pipeline jobs as arbitrary user (26 Aug 2020)
GitLab disclosed a bug submitted by skavans: Privilege escalation from any user (including external) to gitlab admin when admin impersonates you (26 Aug 2020)
BY DENIS WERNER - @NOBBD