the unofficial HackerOne disclosure timeline.

X
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[objtools] Prototype pollution'
14 Sep 2020 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'd3lla' 
b'[keyd] Prototype pollution'
14 Sep 2020 timeline
b'Shopify' disclosed a bug submitted by b'dakitu' 
b'Cache poisoning via X-Forwarded-Host in www.shopify.com/partners/blog'
11 Sep 2020 timeline
b'CS Money' disclosed a bug submitted by b'mr_vrush' 
b'Internal Path Disclosure'
11 Sep 2020 timeline
b'Bitwarden' disclosed a bug submitted by b'shielder' 
b'Blind HTTP GET SSRF via website icon fetch (bypass of pull#812)'
11 Sep 2020 timeline
b'Twitter' disclosed a bug submitted by b'protostar0' 
b'http request smuggling in pscp.tv and periscope.tv'
10 Sep 2020 timeline
b'Central Security Project' disclosed a bug submitted by b'c0d3p1ut0s' 
b'Unsafe deserialization in Nexus Repository helm plugin'
10 Sep 2020 timeline
b'HackerOne' disclosed a bug submitted by b'haxta4ok00' 
b'Team object in GraphQL disclosed private_comment'
10 Sep 2020 timeline
b'Twitter' disclosed a bug submitted by b'cyanpiny' 
b'Safe Redirect Bypass '
10 Sep 2020 timeline
b'Shipt' disclosed a bug submitted by b'tester1231233' 
b'bypass the [OKTA] login redirect can lead to disclosing limited-information about the sub-domain at [ shiptsec.com ]'
10 Sep 2020 timeline
b'Razer' disclosed a bug submitted by b'jackb898' 
b'THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com'
10 Sep 2020 timeline
b'Topcoder' disclosed a bug submitted by b'mase289' 
b'SSRF at https://cognitive.topcoder.com leads to AWS instance metadata due to vulnerable email subscription feature'
10 Sep 2020 timeline
b'Smartsheet' disclosed a bug submitted by b'soareswallace' 
b'Smartsheet employees email disclosure through enpoint after login.'
09 Sep 2020 timeline
b'GitLab' disclosed a bug submitted by b'vakzz' 
b'Stored XSS in markdown when redacting references'
09 Sep 2020 timeline
b'GitLab' disclosed a bug submitted by b'vakzz' 
b'Stored XSS on PyPi simple API endpoint'
09 Sep 2020 timeline
b'Valve' disclosed a bug submitted by b'njbooher' 
b'Unauthorized updates to extended_info properties in /store/ajaxpackagesave'
09 Sep 2020 timeline
b'Valve' disclosed a bug submitted by b'njbooher' 
b'Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge'
09 Sep 2020 timeline
b'Shopify' disclosed a bug submitted by b'jaka_tingkir' 
b'damage to the timeline so that comment fields cannot be displayed or not available to all members in the store'
09 Sep 2020 timeline
b'Staging.every.org' disclosed a bug submitted by b'bugra' 
b'Race Condition when following a user'
09 Sep 2020 timeline
b'InnoGames' disclosed a bug submitted by b'rzx007x' 
b'Blind SQL Injection '
08 Sep 2020 timeline
1 ... 293 294 295 296 297 ... 766
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM