Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'62 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Zomato' disclosed a bug submitted by b'zzzhacker13' 
b'[www.zomato.com] Abusing LocalParams (city) to Inject SOLR query'
10 Aug 2020 timeline
b'Grammarly' disclosed a bug submitted by b'cript0nauta' 
b"Unauthenticated users can access all food.grammarly.io user's data"
10 Aug 2020 timeline
b'Zomato' disclosed a bug submitted by b'zzzhacker13' 
b'Solr Injection in `user_id` parameter at :/v2/leaderboard_v2.json'
10 Aug 2020 timeline
b'Visma Public' disclosed a bug submitted by b'brdoors3' 
b'Access control on https://eaccounting.stage.vismaonline.com/'
09 Aug 2020 timeline
b'Zomato' disclosed a bug submitted by b'0xdexter' 
b'Ability to manipulate price with a max threshold of `<1 Rupee` in support rider parameter'
08 Aug 2020 timeline
b'Zomato' disclosed a bug submitted by b'pandaaaa' 
b'Availing Zomato gold by using a random third-party `wallet_id`'
07 Aug 2020 timeline
b'BugPoC' disclosed a bug submitted by b'acut3' 
b'Improper use of "path" parameter can be used to trick testers into leaking their Front-End PoC'
07 Aug 2020 timeline
b'Topcoder' disclosed a bug submitted by b'mase289' 
b'Blind stored XSS due to insecure contact form at https://www.topcoder.com leads to leakage of session token and other PII'
07 Aug 2020 timeline
b'Bitwarden' disclosed a bug submitted by b'njgadhiya' 
b'Server-Side Request Forgery in "icons.bitwarden.net"'
07 Aug 2020 timeline
b'GitLab' disclosed a bug submitted by b'rhynorater' 
b"Full Read SSRF on Gitlab's Internal Grafana"
07 Aug 2020 timeline
b'Dropcontact' disclosed a bug submitted by b'kapkan' 
b'User can Subscribe a plan that is hidden by manipulating the value of "subscription" parameter at [ https://app.dropcontact.io/app/checkout/]'
07 Aug 2020 timeline
b'Unikrn' disclosed a bug submitted by b'l_user' 
b'Lack of Input sanitization leads to database Character encoding configuration Disclosure'
07 Aug 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'vrechson' 
b'[wappalyzer] ReDoS allows an attacker to completely break Wappalyzer'
06 Aug 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'cwave' 
b'Memory Leak in OCUtil.dll library in Desktop client can lead to DoS'
06 Aug 2020 timeline
b'LINE' disclosed a bug submitted by b'kazan71p' 
b'Spring Actuator endpoints publicly available and broken authentication'
06 Aug 2020 timeline
b'8x8' disclosed a bug submitted by b'wisp' 
b'Send Phishing/Spam email from support@sameroom.io to any email address.'
05 Aug 2020 timeline
b'Rockset' disclosed a bug submitted by b'thatquasar' 
b'S3 bucket data at http://rockset-support.s3-us-west-2.amazonaws.com/ reveals user addresses based on latitudes and longitudes.'
05 Aug 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'l00ph0le' 
b'Arbitrary code execution in desktop client via OpenSSL config'
05 Aug 2020 timeline
b'Nextcloud' disclosed a bug submitted by b'yzy9951' 
b'XSS in image metadata field'
05 Aug 2020 timeline
b'concrete5' disclosed a bug submitted by b'thiennv' 
b'Time-base SQL Injection in Search Users'
05 Aug 2020 timeline
1 ... 278 279 280 281 282 ... 738
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM