Top10 publishers:
bobrov107 
sp1d3rs54 
bigbear_38 
guido37 Twitter
bl4de37 
isox36 
geeknik35 
4lemon35 
edio34 
jobert34 

the unofficial HackerOne disclosure timeline.

X
Coinbase disclosed a bug submitted by michiel 
Bypassing 2FA for BTC transfers
25 Sep 2014 timeline
HackerOne disclosed a bug submitted by anand_m 
Change Any username and profile link in hackerone
25 Sep 2014 timeline
C2FO disclosed a bug submitted by faisalahmed 
All Active user sessions should be destroyed when user change his password!
23 Sep 2014 timeline
Twitter disclosed a bug submitted by vineet 
Captcha bypass with extension at http://www.mopub.com/about/contact/
22 Sep 2014 timeline
wont-fix
Square disclosed a bug submitted by pranav_hivarekar Twitter
CSRF login
21 Sep 2014 timeline
wont-fix
concrete5 disclosed a bug submitted by robin 
broken authentication
21 Sep 2014 timeline
Phabricator disclosed a bug submitted by shahmeer_amir 
Content Spoofing through URL
20 Sep 2014 timeline
wont-fix
Mail.Ru disclosed a bug submitted by vineet 
(m.mail.ru) Password type input with auto-complete enabled
19 Sep 2014 timeline
wont-fix
Mavenlink disclosed a bug submitted by vineet 
Clickjacking & CSRF attack can be done at https://app.mavenlink.com/login
19 Sep 2014 timeline
Mavenlink disclosed a bug submitted by vineet 
Clickjacking at https://www.mavenlink.com/ main website
19 Sep 2014 timeline
Detectify disclosed a bug submitted by mohdhaji87 
Password reset link not validated.
19 Sep 2014 timeline
CloudFlare disclosed a bug submitted by mohdhaji87 
User can request for password reset link without giving his website, eventhough he have it
19 Sep 2014 timeline
wont-fix
CloudFlare disclosed a bug submitted by jpsecurityresearch 
Apache mod_negotiation filename bruteforcing
19 Sep 2014 timeline
wont-fix
WePay disclosed a bug submitted by pranav_hivarekar Twitter
CSRF (Make email primary) may lead to account compromise
19 Sep 2014 timeline
The Internet disclosed a bug submitted by kaeso 
Multiple issues in looking-glass software (aka from web to BGP injections)
17 Sep 2014 timeline
Phabricator disclosed a bug submitted by sehacure Twitter
Open redirection on secure.phabricator.com
17 Sep 2014 timeline
Mail.Ru disclosed a bug submitted by bigbear 
Reflected XSS in User-Agent
16 Sep 2014 timeline
Khan Academy disclosed a bug submitted by bigbear 
Suffix of url-path is vulnerable to XSS-attack
16 Sep 2014 timeline
Detectify disclosed a bug submitted by shahmeer_amir 
Cookie manipulation does not log attacker out of the session
16 Sep 2014 timeline
wont-fix
Mail.Ru disclosed a bug submitted by bigbear 
SQL Injection on 11x11.mail.ru
16 Sep 2014 timeline
1 ... 282 283 284 285 286 ... 313
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM