
Plotly Security Vulnerability Bounty Program

If you have found a security vulnerability, please email security@plot.ly with steps to reproduce the problem. Please allow up to 24 hours for an initial response.

Plotly Security Advisories have their own page.

We also run a private program on HackerOne. If you’d prefer to report a vulnerability via HackerOne and have a positive Signal statistic on HackerOne, please email us your HackerOne username as well as the email address you use there. (If you don’t currently have any vulnerabilities to report, please don’t request an invitation.)

Rewards

In some cases, we will award monetary compensation (bounties) for these reports. These rewards are entirely up to our security team’s discretion. The amount of the reward is based on the complexity of successfully exploiting the vulnerability, the potential exposure, as well as the percentage of impacted users and systems.

Exclusions

The following issues are unlikely to be eligible for a bounty:

Investigation

In investigating security issues, we ask that:

Scope

Subject to the restrictions outlined elsewhere in this document, Plotly pays bounties for issues in the following scopes:

By participating in Plotly’s Bug Bounty program (the “Program”), you acknowledge that you have read and agree to Plotly’s terms of service as well as the following:
