Show Sidebar Hide Sidebar

Plotly Security Advisories

Plotly encourages security researchers to find vulnerabilities in our systems as part of our bounty program. As of August 1, 2016, we will also announce the security vulnerabilities in our systems after they have been evaluated and fixed across our Cloud and On-Premise systems.

If you believe that you have found a security vulnerability, please report the issue by following our security bounty program guidelines. Note that we have recently changed the address used to report issues, but reports to the old address will still be reviewed within 24h and are eligible for bounties.

If you need further control over your data and your users for your company, consider Plotly On-Premise for installing Plotly behind your firewall.

2016-08-08 - XSS in plotly.js

2016-11-24 - XSS in Plotly web interface

2017-01-27 - XSS in plotly.js

2017-01-27 - XSS in Plotly Dashboard Creator

Still need help?
Contact Us

For guaranteed 24 hour response turnarounds, upgrade to our Premium or Enterprise plans.