Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
New Relic disclosed a bug submitted by jon_bottarini: [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID} (26 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: [New Relic Infrastructure] Restricted User can still integrate with AWS via forced browsing (plus, a few other bugs) (26 Aug 2020)
Visma Public disclosed a bug submitted by risinghunter: Information disclosure to "Permission as auditor" user (26 Aug 2020)
Node.js third-party modules disclosed a bug submitted by toannc123: [min-http-server] List any file in the folder by using path traversal. (26 Aug 2020)
Node.js third-party modules disclosed a bug submitted by chalker: [json-bigint] DoS via `__proto__` assignment (25 Aug 2020)
Shopify disclosed a bug submitted by francisbeaudoin: Script Editor preview token still working with uninstalled application, even for unpublished script (25 Aug 2020)
Shopify disclosed a bug submitted by ryat: Self XSS in Timeline (25 Aug 2020)
WordPress disclosed a bug submitted by apapedulimu: Stored XSS on Broken Themes via filename (25 Aug 2020)
Shopify disclosed a bug submitted by saltymermaid: Ability to see password protected content by bypassing the password page of shopify preview URL for new development stores (as of August 17, 2020) (25 Aug 2020)
HackerOne disclosed a bug submitted by bugra: Recently added 'Country' field doesn't send email notification when changed (25 Aug 2020)
Node.js third-party modules disclosed a bug submitted by macasun: Prototype pollution attack (lodash) (25 Aug 2020)
Shopify disclosed a bug submitted by ngalog: Path Traversal in App Proxy (24 Aug 2020)
Node.js third-party modules disclosed a bug submitted by mik317: [windows-edge] RCE via insecure command formatting (24 Aug 2020)
Shopify disclosed a bug submitted by francisbeaudoin: Stocky App Administrator can create a backdoor admin account by using an existing POS User (24 Aug 2020)
Smule disclosed a bug submitted by absshax: [com.smule.autorap.*] Cloud Messaging/Push Notification service takeover due to clear-text usage of Legacy FCM Server keys in the client app (24 Aug 2020)
Shopify disclosed a bug submitted by langduvnsec: STAFF "No-Permissions" on the Store can retrieve the details Order via exchangeReceiptSend (24 Aug 2020)
Shopify disclosed a bug submitted by nooblife: *.shopify.com - Authentication bypass (24 Aug 2020)
Shopify disclosed a bug submitted by meow-hacker-meow: Subdomain takeover in help.tictail.com pointing to Zendesk (a Shopify acquisition) (24 Aug 2020)
Shopify disclosed a bug submitted by zwail: xss stored in https://your store.myshopify.com/admin/ (24 Aug 2020)
Shopify disclosed a bug submitted by jaka_tingkir: increased privileges on staff account (24 Aug 2020)
BY DENIS WERNER - @NOBBD