Unity Security


Unity Technologies is focused on making it easy for content creators to build and distribute their creative results. Because of this we also know that security and trust is paramount here at Unity. This page discusses some security information for our services and also how to get a hold of Unity’s security team.

Unity is PCI Compliant, leveraging industry best practices, such as our SSDLC, and security tools to maintain a high-level of Security. This includes on-going assessments, bug-bounty programs and continuing to grow our global security team (apply at https://careers.unity.com)

Security Updates and Patches are found below.

Protecting Our Customer’s Assets

When handling payment transactions we do not store any card information. All transactions are sent through an external payment processor that handles the information.

At Unity we understand that your game assets are critical to your business. That is why when you put your trust in us to store or build your game we take as many precautions as possible. From having regular security testing of our services and making sure user assets are securely stored and separated, we take the protection of your assets very seriously.

Responsible Disclosure

Unity has adopted a Responsible Disclosure policy as a part of our cooperation with internal and external security researchers and Bug Bounty program. Unity may withhold information about an identified vulnerability for a reasonable period of time to ensure that all customers are given time to patch their systems. For a full list of scope, and information on our Bug Bounty program, please contact security@unity3d.com.

Contacting Us

We are happy to hear from you. We try to make it easy, just send us an email to support@unity3d.com and we will get back to you as soon as we can.

Reporting Security Issues and Bug Bounty

If you have found an issue we would love to talk with you. Please email security@unity3d.com and we will send you information about our Bug Bounty program.

Security Updates and Patches

Editor Updates

May 2020


CVE-2020-12630, CVE-2020-12631 Out-of-bounds memory DoS
March 2019


CVE-2019-9197 Input String Validation RCE
August 2017


CVE-2017-12939 Input String Validation RCE