Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'62 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Mail.ru' disclosed a bug submitted by b'iframe' 
b'[api.33slona.ru] ?????? ? API ?? ?? ???????????? ???????????? ??????? 302 ???????.'
02 Sep 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'iframe' 
b'looch.tv CORS crossite user information and stream_key access'
02 Sep 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'avolume' 
b'Public access to Sidekiq dashboard at shopper.sbermarket.ru'
02 Sep 2020 timeline
b'Shopify' disclosed a bug submitted by b'francisbeaudoin' 
b"Takeover an account that doesn't have a Shopify ID and more"
02 Sep 2020 timeline
b'Imgur' disclosed a bug submitted by b'zerox4' 
b'Stored XSS in Post title (PoC)'
02 Sep 2020 timeline
b'Ruby on Rails' disclosed a bug submitted by b'ooooooo_q' 
b'XSS by file (Active Storage `Proxying`)'
01 Sep 2020 timeline
b'Starbucks' disclosed a bug submitted by b'x3n0nn3p' 
b'CRLF injection on www.starbucks.com'
01 Sep 2020 timeline
b'Yelp' disclosed a bug submitted by b'alaayousef' 
b'Clickjacking lead to remove review'
01 Sep 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'iframe' 
b'[garnier-olia.lady.mail.ru] Reflected XSS /exp/ bypass "/"'
01 Sep 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'iframe' 
b'warofdragons.my.games: configuration files with database account are accessible'
01 Sep 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'iframe' 
b'IDOR ????????? ???????? ?????????? ? ????????????.'
01 Sep 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'organdonor' 
b'Access to information about any video and its owner via GraphQL endpoint [dictor.mail.ru]'
01 Sep 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'pisarenko' 
b' [self?] XSS ? ?????? ???????????? [sbermarket.ru]'
31 Aug 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'jianjun' 
b'An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing'
31 Aug 2020 timeline
b'QIWI' disclosed a bug submitted by b'honoki' 
b'DOM XSS triggered in secure support desk'
31 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'bp0lr' 
b'[hangersteak] Web Server Directory Traversal via Crafted GET Request'
30 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'bp0lr' 
b'[sirloin] Web Server Directory Traversal via Crafted GET Request'
30 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'zerox4' 
b'XSS Stored via Upload avatar PNG [HTML] File in accounts.shopify.com'
30 Aug 2020 timeline
b'WakaTime' disclosed a bug submitted by b'hy76t56f565' 
b'Private leaderboard owner email disclosure when sending invites'
28 Aug 2020 timeline
b'Slack' disclosed a bug submitted by b'oskarsv' 
b'Remote Code Execution in Slack desktop apps + bonus'
28 Aug 2020 timeline
1 ... 268 269 270 271 272 ... 738
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM