Plotly Security & Vulnerability Program

Plotly welcomes reports of serious security issues that substantially affect the confidentiality or integrity of user data in Dash Enterprise, Chart Studio Enterprise, and Chart Studio Cloud, as well as serious security issues that affect Dash Apps hosted on Dash Enterprise. If you believe you have found a serious security vulnerability, please email with steps to reproduce the problem. Please allow up to 24 hours for an initial response, or more on weekends.

Plotly Security Advisories have their own page.

We also run a private program on HackerOne. If you’d prefer to report a vulnerability via HackerOne and have a positive Signal statistic on HackerOne, please email us your HackerOne username as well as the email address you use there. (If you don’t currently have any vulnerabilities to report, please don’t request an invitation.)


In some cases, we will award monetary compensation (bounties) for these reports. These rewards are entirely up to our security team’s discretion. The amount of the reward is based on the complexity of successfully exploiting the vulnerability, the potential exposure, as well as the percentage of impacted users and systems.


The following issues are unlikely to be eligible for a bounty:


In investigating security issues, we ask that:


Subject to the restrictions outlined elsewhere in this document, Plotly pays bounties for issues in the following scopes:

By participating in Plotly’s Security & Vulnerability Program (the “Program”), you acknowledge that you have read and agree to Plotly’s terms of service as well as the following: