Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 64
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
GitLab disclosed a bug submitted by rioncool22: Stored XSS in "Create Groups" (26 Aug 2020)
GitLab disclosed a bug submitted by u3mur4: An attacker can run pipeline jobs as arbitrary user (26 Aug 2020)
GitLab disclosed a bug submitted by skavans: Privilege escalation from any user (including external) to gitlab admin when admin impersonates you (26 Aug 2020)
GitLab disclosed a bug submitted by rpadovani: Stealing data from customers.gitlab.com without user interaction (26 Aug 2020)
GitLab disclosed a bug submitted by sky003: Initial mirror user can be assigned by other user even if the mirror was removed (26 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: Internal API endpoint discloses full account name of email address associated with unconfirmed user (26 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: Adding a new user discloses their full name in the "Users" section of NR Alerts notification channels page (26 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: [NR Synthetics] Restricted user can view synthetics monitors and user permissions through .json endpoint at /permissions/securablemetadata/{GROUP ID} (26 Aug 2020)
New Relic disclosed a bug submitted by jon_bottarini: [New Relic Infrastructure] Restricted User can still integrate with AWS via forced browsing (plus, a few other bugs) (26 Aug 2020)
Visma Public disclosed a bug submitted by risinghunter: Information disclosure to "Permission as auditor" user (26 Aug 2020)
Node.js third-party modules disclosed a bug submitted by toannc123: [min-http-server] List any file in the folder by using path traversal. (26 Aug 2020)
Node.js third-party modules disclosed a bug submitted by chalker: [json-bigint] DoS via `__proto__` assignment (25 Aug 2020)
Shopify disclosed a bug submitted by francisbeaudoin: Script Editor preview token still working with uninstalled application, even for unpublished script (25 Aug 2020)
Shopify disclosed a bug submitted by ryat: Self XSS in Timeline (25 Aug 2020)
WordPress disclosed a bug submitted by apapedulimu: Stored XSS on Broken Themes via filename (25 Aug 2020)
Shopify disclosed a bug submitted by saltymermaid: Ability to see password protected content by bypassing the password page of shopify preview URL for new development stores (as of August 17, 2020) (25 Aug 2020)
HackerOne disclosed a bug submitted by bugra: Recently added 'Country' field doesn't send email notification when changed (25 Aug 2020)
Node.js third-party modules disclosed a bug submitted by macasun: Prototype pollution attack (lodash) (25 Aug 2020)
Shopify disclosed a bug submitted by ngalog: Path Traversal in App Proxy (24 Aug 2020)
Node.js third-party modules disclosed a bug submitted by mik317: [windows-edge] RCE via insecure command formatting (24 Aug 2020)
BY DENIS WERNER - @NOBBD -