Top 10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 84
linkks: 75
jobert: 70
nyymi: 64
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
RubyGems disclosed a bug submitted by ooooooo_q (08 Dec 2018): 65534 times efficient, Brute-force attack for api_key
OLX disclosed a bug submitted by secpentester1337 (08 Dec 2018): XSS Reflected at SEARCH >>
Khan Academy disclosed a bug submitted by sarmadkhan (08 Dec 2018): Cross site scripting (content-sniffing)
Nextcloud disclosed a bug submitted by c0rv4x (07 Dec 2018): Github wikis are editable by anyone
Phabricator disclosed a bug submitted by insufficiententropy (07 Dec 2018): TOTP Key is shorter than RFC 4226 recommended minimum
SEMrush disclosed a bug submitted by jimgogogo (07 Dec 2018): Stored XSS in '' Section and WAF Bypass
SEMrush disclosed a bug submitted by ankit_singh (07 Dec 2018): Open Redirect
Twitter disclosed a bug submitted by csanuragjain (06 Dec 2018): Global defaming of any twitter user
Shopify disclosed a bug submitted by vijay_kumar1110 (06 Dec 2018): Read access to hidden orders,products,customers etc. by limited access Staff member through reference page in Comments (Information disclosure )
Avito disclosed a bug submitted by lincoln9932 (06 Dec 2018): reflected XSS avito.ru
Discourse disclosed a bug submitted by avinash_ (06 Dec 2018): Account takeover at https://try.discourse.org due to no CSRF protection in connecting Yahoo account
Ruby on Rails disclosed a bug submitted by bjeanes (05 Dec 2018): Specially constructed multi-part requests cause multi-second response times; vulnerable to DoS
LocalTapiola disclosed a bug submitted by chihuahua (05 Dec 2018): Reflected XSS of bbe-child-starter Theme via "value"-GET-parameter
HackerOne disclosed a bug submitted by haxta4ok00 (05 Dec 2018): A user can bypass approval step in Hacker Publishing feature, allowing them to publish reports immediately
GoCD disclosed a bug submitted by 4cad (05 Dec 2018): Imperfect CSRF To Overwrite Server Config at /go/admin/restful/configuration/file/POST/xml
Zendesk disclosed a bug submitted by hariharan21 (05 Dec 2018): Admin Macro Description Stored XSS
HackerOne disclosed a bug submitted by npbhatter17 (04 Dec 2018): Notifications sent due to "Transfer report" functionality may be sent to users who are no longer authorized to see the report
GitLab disclosed a bug submitted by 8ayac (03 Dec 2018): Stored XSS in merge request pages
GitLab disclosed a bug submitted by 8ayac (03 Dec 2018): Unauthorized users may be able to view almost all informations related to Private projects.
Zomato disclosed a bug submitted by sandeep_hodkasia (03 Dec 2018): [www.zomato.com] Blind XSS in one of the Admin Dashboard
BY DENIS WERNER - @NOBBD