Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'83 
b'linkks'75 
b'jobert'70 
b'nyymi'62 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Mail.ru' disclosed a bug submitted by b'alexeysergeevich' 
b'capsula.mail.ru - Admin blind stored XSS'
20 Jul 2020 timeline
b'Mail.ru' disclosed a bug submitted by b'esetal' 
b'[geekbrains.ru] Reflected XSS via Angular Template Injection'
20 Jul 2020 timeline
b'Weblate' disclosed a bug submitted by b'fr0gz0x' 
b'Secret_key in GitHub'
18 Jul 2020 timeline
b'Staging.every.org' disclosed a bug submitted by b'dianeme' 
b'No Rate Limit On Reset Password'
17 Jul 2020 timeline
b'Phabricator' disclosed a bug submitted by b'rhinosf1' 
b'Edit Policy restriction does not prevent comments.'
17 Jul 2020 timeline
b'WordPress' disclosed a bug submitted by b'0_loophole_' 
b'Clickjacking on donation page'
16 Jul 2020 timeline
b'WordPress' disclosed a bug submitted by b'lamscun' 
b'CSRF on comment post'
16 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'hiffley' 
b'GraphQL AdminGenerateSessionPayload is leaked to staff with no permission'
16 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'nsl182' 
b'Account takeover intercepting magic link for Arrive app'
15 Jul 2020 timeline
b'MTN Group' disclosed a bug submitted by b'tounsi_007' 
b'Accessible Restricted directory on [bcm-bcaw.mtn.cm]'
15 Jul 2020 timeline
b'New Relic' disclosed a bug submitted by b'ldionmarcil' 
b'[synthetics.newrelic.com] SMTP header injection leads to (mass) arbitrary email sending'
15 Jul 2020 timeline
b'Zomato' disclosed a bug submitted by b'bigbug' 
b'Possible to enumerate Addresses of users using AddressId and guessing the delivery_subzone'
15 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'francisbeaudoin' 
b"Ability to link a Google account to another staff account/store owner that isn't linked yet"
14 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'imranhudaa' 
b"user with no draft order permission can still perform action on draft order's in stocky app (idor)"
14 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'priyanshuxo' 
b'Subdomain Takeover of multiple *.ttcdn.co domains'
14 Jul 2020 timeline
b'Razer' disclosed a bug submitted by b'pandaonair' 
b'Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions'
14 Jul 2020 timeline
b'Razer' disclosed a bug submitted by b's3cr3tsdn' 
b'[api.easy2pay.co] SQL Injection in cashcard via card_no parameter ??Bypassing IP whitelist??'
14 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'sreeju_kc' 
b'IDOR on stocky application-Low Stock-Varient-Settings-Columns'
14 Jul 2020 timeline
b'Shopify' disclosed a bug submitted by b'zonduu' 
b'Open Redirect - www.shopify.com'
14 Jul 2020 timeline
b'U.S. Dept Of Defense' disclosed a bug submitted by b'natanalves01001' 
b'(CORS) Cross-origin resource sharing misconfiguration'
14 Jul 2020 timeline
1 ... 284 285 286 287 288 ... 738
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM