Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'80 
b'linkks'75 
b'jobert'70 
b'someonenobbd'62 
b'nyymi'58 
b'ooooooo_q'52 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Node.js third-party modules' disclosed a bug submitted by b'toannc123' 
b'[serve-here.js] List any file in the folder by using path traversal.'
24 Jun 2019 timeline
b'Tube8' disclosed a bug submitted by b'tony_tsep' 
b'SSRF and local file disclosure by video upload on https://www.tube8.com/'
24 Jun 2019 timeline
b'YouPorn' disclosed a bug submitted by b'tony_tsep' 
b'SSRF and local file disclosure by video upload on http://www.youporn.com/'
24 Jun 2019 timeline
b'Twitter' disclosed a bug submitted by b'seifelsallamy' 
b'Verify any unused email address'
24 Jun 2019 timeline
b'Razer US' disclosed a bug submitted by b'lawway' 
b'DLL Hijacking Vulnerability in synapse-2'
23 Jun 2019 timeline
b'Khan Academy' disclosed a bug submitted by b'dermeister' 
b'Sensitive information/action is stored/done is done using a GET request'
23 Jun 2019 timeline
b'Automattic' disclosed a bug submitted by b'dermeister' 
b'Broken Authentication - Security token gets captured via man in the middle attack'
22 Jun 2019 timeline
b'Automattic' disclosed a bug submitted by b'dermeister' 
b'Captcha bypass for the most important function - At en.instagram-brand.com'
22 Jun 2019 timeline
b'Automattic' disclosed a bug submitted by b'dermeister' 
b'Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand'
22 Jun 2019 timeline
b'Automattic' disclosed a bug submitted by b'dermeister' 
b'Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com'
22 Jun 2019 timeline
b'Trint Ltd' disclosed a bug submitted by b'dhakalananda' 
b'IDOR in changing shared file name'
22 Jun 2019 timeline
b'Slack' disclosed a bug submitted by b'freem0' 
b'Information leakage and default open port'
22 Jun 2019 timeline
b'Rocket.Chat' disclosed a bug submitted by b'theappsec' 
b'Broken access control on apps '
22 Jun 2019 timeline
b'Infogram' disclosed a bug submitted by b'theappsec' 
b'Stored XSS in infogram.com via language '
22 Jun 2019 timeline
b'Khan Academy' disclosed a bug submitted by b'rlaneth' 
b'Cross-Site Request Forgery (CSRF) vulnerability on API endpoint allows account takeovers'
22 Jun 2019 timeline
b'ecobee' disclosed a bug submitted by b'prinsfrank' 
b'Open API - AWS S3 GET Bucket (List Objects) Version 1'
21 Jun 2019 timeline
b'Shopify' disclosed a bug submitted by b'tems' 
b'DOM XSS via Shopify.API.Modal.initialize'
21 Jun 2019 timeline
b'Redtube' disclosed a bug submitted by b'tony_tsep' 
b'SSRF and local file disclosure by video upload on https://www.redtube.com/upload'
21 Jun 2019 timeline
b'SEMrush' disclosed a bug submitted by b'r0hack' 
b'XSS Reflected on my_report'
21 Jun 2019 timeline
b'Nextcloud' disclosed a bug submitted by b'francescocar' 
b'Vulnerable W3 Total Cache plugin version in use on nextcloud.com'
21 Jun 2019 timeline
1 ... 384 385 386 387 388 ... 730
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM