Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'80 
b'linkks'75 
b'jobert'70 
b'someonenobbd'62 
b'nyymi'57 
b'ooooooo_q'50 
b'haxta4ok00'49 
b'jon_bottarini'49 

the unofficial HackerOne disclosure timeline.

X
b'Dropcontact' disclosed a bug submitted by b'vbdev' 
b'Django debug enabled showing information about system, database, configuration files.'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'higbee' 
b'Django should not have debug mode enabled'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'exploit_db' 
b'Sensitive Information Disclosure'
21 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'awarau' 
b'Prototype Pollution lodash 4.17.15'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'aungkyawphyo' 
b'Django DEBUG mode enabled and leaked system information.'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'try___for_impossible' 
b'Information Disclosure through DEBUG at Subscription [https://app.dropcontact.io/app/subscription?connector=salesforce](CRITICAL)'
21 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'elmahdi' 
b'Registering with email [ +70 Chars ] Lead to Disclose some informations [Django Debug Mode ]'
21 Aug 2020 timeline
b'GitHub Security Lab' disclosed a bug submitted by b'someonenobbd' 
b'Java: CWE-522 Insecure basic authentication'
20 Aug 2020 timeline
b'GitHub Security Lab' disclosed a bug submitted by b'someonenobbd' 
b'[javascript] CWE-117: CodeQL query to detect Log Injection'
20 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'n1m0' 
b"Dropcontact's disclosed report is exposing Private/Confidential information"
20 Aug 2020 timeline
b'DuckDuckGo' disclosed a bug submitted by b'sijisu' 
b'DOM XSS on duckduckgo.com search'
20 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'try___for_impossible' 
b"API key is not validated for C.R.M integration [Pipedrive] of LOGGED IN USER, A user can use another USER'S API key for this operation."
20 Aug 2020 timeline
b'Twitter' disclosed a bug submitted by b'filedescriptor' 
b'Insufficient validation on Digits bridge'
20 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'0x1337r00t' 
b'[supermixer] Prototype pollution'
20 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[extra-ffmpeg] Command Injection via insecure command formatting'
20 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[object-path-set] Prototype pollution'
20 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[vboxmanage.js] Command Injection via insecure command concatenation'
20 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'francisbeaudoin' 
b'Ability to generate shipping labels in another store orders'
19 Aug 2020 timeline
b'WakaTime' disclosed a bug submitted by b'harshita174' 
b'Rate Limit too lenient for endpoint sending emails'
19 Aug 2020 timeline
b'Avito' disclosed a bug submitted by b'harshita174' 
b'Missing SPF Records'
19 Aug 2020 timeline
1 ... 253 254 255 256 257 ... 719
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM