Top10 publishers:
bobrov114 
linkks75 
geeknik72 
sp1d3rs63 
jobert57 
netfuzzer47 
guido45 Twitter
bl4de42 
ryat40 
bigbear_38 

the unofficial HackerOne disclosure timeline.

X
Instacart disclosed a bug submitted by sameoldstory 
Fetch private list metadata and any user's personal name
12 Sep 2016 timeline
Instacart disclosed a bug submitted by corb3nik 
Hyperlink Injection in Friend Invitation Emails
12 Sep 2016 timeline
Instacart disclosed a bug submitted by cablej Twitter
Missing rel=noreferrer tag allows link in list to change url of currently open tab
12 Sep 2016 timeline
Instacart disclosed a bug submitted by mefkan 
Image Upload Path Disclosure
12 Sep 2016 timeline
Legal Robot disclosed a bug submitted by cablej Twitter
User Information sent to client through websockets
12 Sep 2016 timeline
Legal Robot disclosed a bug submitted by cablej Twitter
User Information leak allows user to bypass email verification.
12 Sep 2016 timeline
Pornhub disclosed a bug submitted by zephrfish Twitter
[crossdomain.xml] Dangerous Flash Cross-Domain Policy
12 Sep 2016 timeline
Instacart disclosed a bug submitted by cablej Twitter
Race Condition in Redeeming Coupons
12 Sep 2016 timeline
Instacart disclosed a bug submitted by clarck-owen 
Host Header Injection/Redirection in: https://www.instacart.com/
11 Sep 2016 timeline
Harvest disclosed a bug submitted by eboda Twitter
Stored XSS on invoice, executing on any subdomain
10 Sep 2016 timeline
Harvest disclosed a bug submitted by eboda Twitter
S3 bucket takeover due to proxy.harvestfiles.com
10 Sep 2016 timeline
Boozt Fashion AB disclosed a bug submitted by r4hul-ch 
No csrf protection on logout
10 Sep 2016 timeline
Boozt Fashion AB disclosed a bug submitted by m726a786 
User Enumeration.
10 Sep 2016 timeline
Harvest disclosed a bug submitted by 0xamir 
Users enumeration is possible through cycling through recurring[client_id] argument value.
10 Sep 2016 timeline
Mail.Ru disclosed a bug submitted by ahsantahir 
[cfire.mail.ru] CSRF Bypassed - Changing anyone's 'User Info'
09 Sep 2016 timeline
Veris disclosed a bug submitted by xenon 
[XSS] sandbox.veris.in
09 Sep 2016 timeline
Legal Robot disclosed a bug submitted by paramdham 
CSRF
09 Sep 2016 timeline
Instacart disclosed a bug submitted by s44mux 
Stored XSS
09 Sep 2016 timeline
Uber disclosed a bug submitted by apara 
Bulk UUID enumeration via invite codes
08 Sep 2016 timeline
Mapbox disclosed a bug submitted by n0rb3r7 
target="_blank" Vulnerability Resulting in Critical Phishing Vector
07 Sep 2016 timeline
1 ... 324 325 326 327 328 ... 448
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM