Top10 publishers:
b'bobrov'117 
b'sp1d3rs'86 
b'geeknik'84 
b'linkks'75 
b'jobert'70 
b'nyymi'64 
b'someonenobbd'62 
b'ooooooo_q'54 
b'guido'50 
b'haxta4ok00'49 

the unofficial HackerOne disclosure timeline.

X
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`sql` does not properly escape parameters when building SQL queries, resulting in potential SQLi'
12 May 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`npmconf` (and `npm` js api) allocate and write to disk uninitialized memory content when a typed number is passed as input on Node.js 4.x'
12 May 2018 timeline
b'VK.com' disclosed a bug submitted by b'trainzment' 
b'????????? ?????????? ? ??????? ?????? ??? ??????????'
12 May 2018 timeline
b'HackerOne' disclosed a bug submitted by b'haxta4ok00' 
b'Team object in GraphQL disclosed total number of whitelisted hackers'
12 May 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`byte` allocates uninitialized buffers and reads data from them past the initialized length'
11 May 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`base64url` allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below'
11 May 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`macaddress` concatenates unsanitized input into exec() command'
11 May 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`command-exists` concatenates unsanitized input into exec()/execSync() commands'
11 May 2018 timeline
b'Twitter' disclosed a bug submitted by b'lukeberner' 
b'ms5 debug page exposing internal info (internal IPs, headers)'
11 May 2018 timeline
b'Mail.Ru' disclosed a bug submitted by b'xawdxawdx' 
b'CSRF ?? calendar.mail.ru'
11 May 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'bl4de' 
b"[buttle] Remote Command Execution via unsanitized PHP filename when it's run with --php-bin flag"
11 May 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'caioluders' 
b'Bypass to defective fix of Path Traversal '
11 May 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`fs-path` concatenates unsanitized input into exec()/execSync() commands'
11 May 2018 timeline
b'Mail.Ru' disclosed a bug submitted by b'obmi' 
b'XSS on e.mail.ru via postMessage'
11 May 2018 timeline
b'Node.js third-party modules' disclosed a bug submitted by b'chalker' 
b'`stringstream` allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below'
11 May 2018 timeline
b'ICQ' disclosed a bug submitted by b'whitehattushu' 
b'The auth token does not expire on logging out and even after logging out all sessions'
11 May 2018 timeline
b'Mail.Ru' disclosed a bug submitted by b'xawdxawdx' 
b'Shell upload in http://widget.support.my.com/'
11 May 2018 timeline
b'JamieWeb' disclosed a bug submitted by b'retr0' 
b'Insecure Transportation Security Protocol Supported (TLS 1.0) on https://www.jamieweb.net'
11 May 2018 timeline
b'Rockstar Games' disclosed a bug submitted by b'n00bsec' 
b'Table and Column Exposure'
10 May 2018 timeline
b'Udemy' disclosed a bug submitted by b'cha5m' 
b'Subdomain Takeover (and Stored XSS) via Trailing Dot at https://coding-exercises.udemy.com'
10 May 2018 timeline
1 ... 464 465 466 467 468 ... 741
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM