Unity Security

Unity Technologies is focused on making it easy for content creators to build and distribute their creative results. Because of this we also know that security and trust is paramount here at Unity. This page discusses some security information for our services and also how to get a hold of Unity’s security team

Unity has developed and shared its security practices with others in our industry, such as our SSDLC, and security tools to maintain a high-level of Security. This includes on-going assessments, bug-bounty programs and continuing to grow our global security team (apply at https://careers.unity.com)

Security Updates and Patches are found below.

Protecting our customers' assets

When handling payment transactions we do not store any card information. All transactions are sent through an external payment processor that handles the information.

At Unity we understand that your game assets are critical to your business. That is why when you put your trust in us to store or build your game we take as many precautions as possible. From having regular security testing of our services and making sure user assets are securely stored and separated, we take the protection of your assets very seriously.

Responsible Disclosure

Unity has adopted a Responsible Disclosure policy as a part of our cooperation with internal and external security researchers and Bug Bounty program. Unity may withhold information about an identified vulnerability for a reasonable period of time to ensure that all customers are given time to patch their systems. For a full list of scope, and information on our Bug Bounty program, please contact security@unity3d.com.

Contacting us

We are happy to hear from you. We try to make it easy, just send us an email to support@unity3d.com and we will get back to you as soon as we can.

Reporting security issues and Bug Bounty

If you have found an issue we would love to talk with you. Please email security@unity3d.com and we will send you information about our Bug Bounty program.

Security updates and patches

Editor updates

Security Update Advisory
January 2023
CVE-2021-44228, CVE-2021-45046, log4j Java library
December 2021
CVE-2020-12630, CVE-2020-12631
May 2020

Out-of-bounds memory DoS

CVE-2019-9197
March 2019

Input String Validation RCE

CVE-2017-12939
August 2017

Input String Validation RCE

We use cookies to ensure that we give you the best experience on our website. Visit our cookie policy page for more information.

Got it