Plotly Security Advisories

Plotly encourages security researchers to find vulnerabilities in our systems as part of our bounty program. As of August 1, 2016, we will also announce the security vulnerabilities in our systems after they have been evaluated and fixed across our Cloud and On-Premise systems.

If you believe that you have found a security vulnerability, please report the issue by following our security bounty program guidelines. Note that we have recently changed the address used to report issues, but reports to the old address will still be reviewed within 24h and are eligible for bounties.

If your company needs further control over its data and users, consider Chart Studio Enterprise to install Chart Studio behind your firewall.

2016-08-08 - XSS in plotly.js

2016-11-24 - XSS in Chart Studio web interface

2017-01-27 - XSS in plotly.js

2017-01-27 - XSS in Chart Studio Dashboard Creator