Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'81 
b'linkks'75 
b'jobert'70 
b'someonenobbd'62 
b'nyymi'60 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'WakaTime' disclosed a bug submitted by b'harshita174' 
b'Rate Limit too lenient for endpoint sending emails'
19 Aug 2020 timeline
b'Avito' disclosed a bug submitted by b'harshita174' 
b'Missing SPF Records'
19 Aug 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'ja3far' 
b'Denial of Service when entring an Array in email at seetings'
19 Aug 2020 timeline
b'Valve' disclosed a bug submitted by b'gamer7112' 
b"[GoldSrc] RCE via 'spk' Console Command"
19 Aug 2020 timeline
b'Valve' disclosed a bug submitted by b'gamer7112' 
b'[GoldSrc] RCE via malformed BSP file'
19 Aug 2020 timeline
b'Valve' disclosed a bug submitted by b'irukandjisecresearch' 
b"Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser"
19 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b"CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card "
19 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b"I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)"
19 Aug 2020 timeline
b'Yelp' disclosed a bug submitted by b'hk755a' 
b"I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure)"
19 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'ayyoub' 
b'Password reset link not expired at Stocky App'
18 Aug 2020 timeline
b'Starbucks' disclosed a bug submitted by b'rexvuz' 
b'Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'tolo7010' 
b'Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'jmp_35p' 
b'Get analytics token using only apps permission'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'sreeju_kc' 
b'OrderListInitial leaks order details'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'jaka_tingkir' 
b'access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-'
18 Aug 2020 timeline
b'Shopify' disclosed a bug submitted by b'rioncool22' 
b'Blind Stored XSS Via Staff Name'
18 Aug 2020 timeline
b'WordPress' disclosed a bug submitted by b'simonscannell' 
b'Stored XSS in Post Preview as Contributor'
18 Aug 2020 timeline
b'WordPress' disclosed a bug submitted by b'simonscannell' 
b'pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment'
18 Aug 2020 timeline
b'Mendix' disclosed a bug submitted by b'enixium' 
b'Reflected XSS in "*.mendix.com/openid/*"'
18 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'try___for_impossible' 
b'IDOR at [https://dropcontact.firstpromote] which allows an UNAUTHORIZED user to ACCESS and EDIT Paypal GMAIL by Changing the ID.'
18 Aug 2020 timeline
1 ... 268 269 270 271 272 ... 733
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM