Apache Tomcat
CVE-2018-11784
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.12
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.34
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.91

Apache httpd
CVE-2016-4975
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975
https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975
https://hackerone.com/ibb-apache/thanks/2018

Android
CVE-2016-6716
https://source.android.com/security/bulletin/2016-11-01.html#acknowledgements
https://source.android.com/security/overview/acknowledgements.html#2016

Django
CVE-2016-7401
https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
https://hackerone.com/django/thanks/2015
https://hackerone.com/django/thanks/2016

Express.js serve-static
CVE-2015-1164
https://www.npmjs.com/advisories/35

Oracle
April 2014 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2014-0414
http://www.securitylab.ru/lab/PT-2013-49
CVE-2014-0426
http://www.securitylab.ru/lab/PT-2013-47
CVE-2014-0413
http://www.securitylab.ru/lab/PT-2013-48

Siemens
CVE-2012-2596, CVE-2012-2597, CVE-2012-2598, CVE-2012-2595, CVE-2012-3003
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-223158.pdf
CVE-2012-3031, CVE-2012-3028, CVE-2012-3030
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-864051.pdf
CVE-2013-0667, CVE-2013-0671, CVE-2013-0672
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-212483.pdf
CVE-2013-4912, CVE-2013-4911
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-064884.pdf
CVE-2013-0679
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-714398.pdf

PHP
CVE-2012-3365
http://www.securitylab.ru/lab/PT-2012-14

Yandex
https://yandex.com/bugbounty/researchers/blackfan/
https://yandex.com/bugbounty/hall-of-fame/2018/8/
https://yandex.com/bugbounty/hall-of-fame/2018/7/
January 2018 https://yandex.com/bugbounty/hall-of-fame/2018/1/
October 2017 https://yandex.com/bugbounty/hall-of-fame/2017/10/
April 2017 https://yandex.com/bugbounty/hall-of-fame/2017/4/
March 2017 https://yandex.com/bugbounty/hall-of-fame/2017/3/
July 2016 https://yandex.com/bugbounty/hall-of-fame/2016/7/
April 2016 https://yandex.com/bugbounty/hall-of-fame/2016/4/
March 2016 https://yandex.com/bugbounty/hall-of-fame/2016/3/
February 2016 https://yandex.com/bugbounty/hall-of-fame/2016/2/
January 2016 https://yandex.com/bugbounty/hall-of-fame/2016/1/
December 2015 https://yandex.com/bugbounty/hall-of-fame/2015/12/
November 2015 https://yandex.com/bugbounty/hall-of-fame/2015/11/
October 2015 https://yandex.com/bugbounty/hall-of-fame/2015/10/
August 2015 https://yandex.com/bugbounty/hall-of-fame/2015/8/
June 2015 https://yandex.com/bugbounty/hall-of-fame/2015/6/
April 2015 https://yandex.com/bugbounty/hall-of-fame/2015/4/
March 2015 https://yandex.com/bugbounty/hall-of-fame/2015/3/
February 2015 https://yandex.com/bugbounty/hall-of-fame/2015/2/
January 2015 https://yandex.com/bugbounty/hall-of-fame/2015/1/
December 2014 https://yandex.com/bugbounty/hall-of-fame/2014/12/
November 2014 https://yandex.com/bugbounty/hall-of-fame/2014/11/
October 2014 https://yandex.com/bugbounty/hall-of-fame/all/
August 2014 https://yandex.com/bugbounty/hall-of-fame/all/
July 2014 https://yandex.com/bugbounty/hall-of-fame/all/
June 2014 https://yandex.com/bugbounty/hall-of-fame/all/
May 2014 https://yandex.com/bugbounty/hall-of-fame/all/
April 2014 https://yandex.com/bugbounty/hall-of-fame/all/
March 2014 https://yandex.com/bugbounty/hall-of-fame/all/
February 2014 https://yandex.com/bugbounty/hall-of-fame/all/
January 2014 https://yandex.com/bugbounty/hall-of-fame/all/
December 2013 https://yandex.com/bugbounty/hall-of-fame/all/
November 2013 https://yandex.com/bugbounty/hall-of-fame/all/
October 2013 https://yandex.com/bugbounty/hall-of-fame/all/
September 2013 https://yandex.com/bugbounty/hall-of-fame/all/
August 2013 https://yandex.com/bugbounty/hall-of-fame/all/
July 2013 https://yandex.com/bugbounty/hall-of-fame/all/
April-June 2013 https://yandex.com/bugbounty/hall-of-fame/all/
January-March 2013 https://yandex.com/bugbounty/hall-of-fame/all/
October-December 2012 https://yandex.com/bugbounty/hall-of-fame/all/

Google
https://bughunter.withgoogle.com/profile/1d87fcbc-fea5-4c1d-b4a0-559a56b7dac8
Q4 2013 Sergey Bobrov
Q1 2011 BlackFan
https://www.google.com/about/appsecurity/hall-of-fame/archive/

Facebook
2014
2011
https://www.facebook.com/whitehat/thanks/

Twitter
https://hackerone.com/twitter/thanks/2014
https://hackerone.com/twitter/thanks/2017

Etsy
https://www.etsy.com/bounty/hall-of-fame

Mozilla
Q4 2017
Q2 2017
Q2 2016
Q1 2016
https://www.mozilla.org/en-US/security/bug-bounty/web-hall-of-fame/

Yahoo
https://hackerone.com/yahoo/thanks/2014
https://hackerone.com/yahoo/thanks/2015
https://hackerone.com/yahoo/thanks/2016

Adobe
https://hackerone.com/adobe/thanks/2016
https://hackerone.com/adobe/thanks/2017
https://hackerone.com/adobe/thanks/prior
2012 https://helpx.adobe.com/security/acknowledgements.html

Mail.Ru
https://hackerone.com/mailru/thanks/2014
https://hackerone.com/mailru/thanks/2015
https://hackerone.com/mailru/thanks/2016
https://hackerone.com/mailru/thanks/2017
https://hackerone.com/mailru/thanks/2018

Apple
2017 https://support.apple.com/ru-ru/HT201536
2013 https://support.apple.com/ru-ru/HT207627

Foxycart
https://www.foxy.io/security-contact
https://bugcrowd.com/foxycart/hall-of-fame

Microsoft (Online Services)
June 2013 http://technet.microsoft.com/en-us/security/cc308575

Zynga
2014 https://www.zynga.com/security/whitehats

Serv-U File Server
http://www.securitylab.ru/lab/PT-2013-70
http://www.securitylab.ru/lab/PT-2013-69
http://www.securitylab.ru/lab/PT-2013-68
http://www.securitylab.ru/lab/PT-2013-67
http://www.securitylab.ru/lab/PT-2013-66

mnoGoSearch
http://www.securitylab.ru/lab/PT-2013-17
http://www.securitylab.ru/lab/PT-2013-18

Bitrix
http://www.securitylab.ru/lab/PT-2014-10

Jetty
http://www.securitylab.ru/lab/PT-2013-65

Schuberg Philis
October 2013 https://www.schubergphilis.com/2014/12/15/responsible-disclosure-hall-of-fame

Python
https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-2-release-candidate-1

QIWI
https://hackerone.com/qiwi/thanks/2018
https://hackerone.com/qiwi/thanks/2017
https://hackerone.com/qiwi/thanks/2016
https://hackerone.com/qiwi/thanks/2015
https://hackerone.com/qiwi/thanks/2014

Airbnb
https://hackerone.com/airbnb/thanks/2018
https://hackerone.com/airbnb/thanks/2017

Greenhouse.io
https://hackerone.com/greenhouse/thanks/2014

Pantheon
https://bugcrowd.com/pantheon/hall-of-fame

abacus
https://bugcrowd.com/abacus/hall-of-fame

Vimeo
https://hackerone.com/vimeo/thanks/2014
http://vimeo.com/about/security

Heroku
https://bugcrowd.com/heroku/hall-of-fame

Square
https://hackerone.com/square/thanks/2015

Trello
https://hackerone.com/trello/thanks/2015

Zaption
https://hackerone.com/zaption/thanks/2015

Dropbox
https://hackerone.com/dropbox/thanks/2015
https://hackerone.com/dropbox/thanks/2016
https://hackerone.com/dropbox/thanks/2017

Magix AG
June 2015 http://research.magix.com/

Indeed
https://bugcrowd.com/indeed/hall-of-fame

Shopify
https://hackerone.com/shopify/thanks/2017
https://hackerone.com/shopify/thanks/2016
https://hackerone.com/shopify/thanks/2015

SoundCloud
http://help.soundcloud.com/customer/portal/articles/2203632

Aspen
http://aspen.io/security.txt

Gratipay
https://gratipay.com/about/security/hall-of-fame
https://hackerone.com/gratipay/thanks/2015
https://liberapay.com/about/security

Anghami
https://hackerone.com/anghami/thanks/2015

Keybase
https://hackerone.com/keybase/thanks/2015

Zopim
https://hackerone.com/zopim/thanks/2015

Dashlane
https://hackerone.com/dashlane/thanks/2016

CloudWalk
https://hackerone.com/cloudwalk/thanks/2016

Uber
https://hackerone.com/uber/thanks/2016

Brocade
http://www.brocade.com/en/backend-content/pdf-page.html?/content/dam/common/documents/content-types/security-bulletin/tsb-2016-237-a.pdf
https://docs.broadcom.com/docs/12380452

ownCloud
https://hackerone.com/owncloud/thanks/2016

LocalTapiola
https://hackerone.com/localtapiola/thanks/2016
https://hackerone.com/localtapiola/thanks/2017

Skyliner
https://hackerone.com/skyliner/thanks/2016

Sucuri
https://hackerone.com/sucuri/thanks/2018
https://hackerone.com/sucuri/thanks/2016

leetfiles
https://hackerone.com/leetfiles/thanks/2016

C2FO
https://hackerone.com/c2fo/thanks/2015

Sophos
https://bugcrowd.com/sophos/hall-of-fame

Fitbit
https://bugcrowd.com/fitbit/hall-of-fame

Automattic
https://hackerone.com/automattic/thanks/2016

Teespring
https://hackerone.com/teespring/thanks/2016

Brave Software
https://hackerone.com/brave/thanks/2016

HubSpot
https://bugcrowd.com/hubspot/hall-of-fame

CloudFlare
https://hackerone.com/cloudflare/thanks/2017

Algolia
https://hackerone.com/algolia/thanks/2017

Quora
https://hackerone.com/quora/thanks/2017

Starbucks
https://hackerone.com/starbucks/thanks/2018
https://hackerone.com/starbucks/thanks/2017

Xero
https://hackerone.com/xero/thanks/2017

Ubiquiti Networks
https://hackerone.com/ubnt/thanks/2017

Tesla
https://bugcrowd.com/tesla/hall-of-fame

Jet.com
https://bugcrowd.com/jet/hall-of-fame

StatusPage.io
https://bugcrowd.com/statuspage/hall-of-fame

General Motors
https://hackerone.com/gm/thanks/2017

WakaTime
https://hackerone.com/wakatime/thanks/2017

Imgur
https://hackerone.com/imgur/thanks/2018

WePay
https://hackerone.com/wepay/thanks/2018
https://hackerone.com/wepay/thanks/2017

Spotify
https://hackerone.com/spotify/thanks/2018
https://hackerone.com/spotify/thanks/2017

Bitdefender
https://bugcrowd.com/bitdefender/hall-of-fame

Mobidea
https://bugcrowd.com/mobidea/hall-of-fame

Magento
https://bugcrowd.com/magento/hall-of-fame

Twilio
https://bugcrowd.com/twilio/hall-of-fame

You Need a Budget
https://bugcrowd.com/ynab/hall-of-fame

Vulners
https://hackerone.com/vulnerscom/thanks/2018

Plaid
https://hackerone.com/plaid/thanks/2018

SAP Concur
https://bugcrowd.com/concur/hall-of-fame

Tencent
https://en.security.tencent.com/user/p/twitter_tsrc178619771

Salesforce
https://trust.salesforce.com/en/security/thank-you/

Vanilla
https://hackerone.com/vanilla/thanks/2018

TTS
https://hackerone.com/tts/thanks/2018

Discourse
https://hackerone.com/discourse/thanks/2018

Upserve
https://hackerone.com/upserve/thanks/2018

BitMEX
https://hackerone.com/bitmex/thanks/2018

Gatecoin
https://hackerone.com/gatecoin/thanks/2018

MasterCard
https://bugcrowd.com/mastercard/hall-of-fame

Netflix
https://bugcrowd.com/netflix/hall-of-fame

Blue Jeans Network
https://bugcrowd.com/bluejeans/hall-of-fame

HackerOne Leaderboard
https://hackerone.com/leaderboard/2016/q4