What is the official website of Frame.io ?

The official website of Frame.io is https://frame.io.

What is Frame.io's cybersecurity risk score?

Frame.io has an AI-generated cybersecurity risk score of 751 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has Frame.io experienced?

According to Rankiteo, Frame.io currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Frame.io been affected by any supply chain cyber incidents ?

According to Rankiteo, Frame.io has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are: Google (Incident ID: CANADOGOONETVER1777660893) Mirasvit (Incident ID: ADOMIR1780324139) BPO Process Outsourcing (Incident ID: ADOBPO1775190288) Adobe Commerce (Incident ID: ADOCMB1774536907) Adobe Commerce (Incident ID: DIETOYFILASUCITBENMAGLINYAMFIATHEBAN1774023969) Google (Incident ID: ADOSTRGOO1780611936) Adobe Commerce (Incident ID: ADO0092800102325)

Does Frame.io have SOC 2 Type 1 certification ?

According to Rankiteo, Frame.io is not certified under SOC 2 Type 1.

Does Frame.io have SOC 2 Type 2 certification ?

According to Rankiteo, Frame.io does not hold a SOC 2 Type 2 certification.

Does Frame.io comply with GDPR ?

According to Rankiteo, Frame.io is not listed as GDPR compliant.

Does Frame.io have PCI DSS certification ?

According to Rankiteo, Frame.io does not currently maintain PCI DSS compliance.

Does Frame.io comply with HIPAA ?

According to Rankiteo, Frame.io is not compliant with HIPAA regulations.

Does Frame.io have ISO 27001 certification ?

According to Rankiteo,Frame.io is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does Frame.io operate in ?

Frame.io operates primarily in the Software Development industry.

How many employees does Frame.io have ?

Frame.io employs approximately 71 people worldwide.

Does Frame.io own any subsidiaries ?

Frame.io presently has no subsidiaries across any sectors.

How many LinkedIn followers does Frame.io have ?

Frame.io's official LinkedIn profile has approximately 20,107 followers.

What is the NAICS classification code for Frame.io ?

Frame.io is classified under the NAICS code 5112, which corresponds to Software Publishers.

Does Frame.io have a Crunchbase profile ?

Yes, Frame.io has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/frame-io.

Does Frame.io have a LinkedIn profile ?

Yes, Frame.io maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/frame-io.

How many cybersecurity incidents has Frame.io experienced ?

As of June 16, 2026, Rankiteo reports that Frame.io has experienced 21 cybersecurity incidents.

How many peer or competitor companies does Frame.io have ?

Frame.io has an estimated 30,081 peer or competitor companies worldwide.

What types of cybersecurity incidents has Frame.io faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach, Vulnerability and Cyber Attack.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

Frame.io

Boost Score +25 with badge (5 left)

751

/1000

Fair

776

/1000

Fair

Frame.io Vendor Cyber Rating & Cyber Score

frame.io

cb in

Add Your Compliance Badge

Frame.io, an Adobe company, is a video review and collaboration platform designed to unify media assets and creative conversations in a user-friendly environment. Headquartered in New York City, Frame.io was developed by filmmakers, VFX artists, and post-production executives. Together, Adobe and Frame.io support nearly 1 million media professionals at enterprises including Netflix, Buzzfeed, Turner, Nasa & Vice Media. Learn more at https://frame.io

Frame.io A.I CyberSecurity Scoring

Scoring History

Frame.io

Frame.io CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

Adobe

Cyber Attack

6/2026

SPOMICADO178120...

Adobe

Breach

5/2026

METORATICBANYAH...

Adobe

Cyber Attack

5/2026

Google

CANADOGOONETVER...

Adobe Commerce

Vulnerability

100

4/2026

Mirasvit

ADOMIR178032413...

Adobe

Breach

4/2026

ADOGOOMICEURBOO...

Adobe

Vulnerability

4/2026

ADO1776003821

Adobe

Breach

100

4/2026

BPO Process Out...

ADOBPO177519028...

Adobe Commerce

Vulnerability

100

3/2026

Adobe Commerce

ADOCMB177453690...

Adobe Commerce

Cyber Attack

2/2026

Adobe Commerce

DIETOYFILASUCIT...

Adobe Commerce

Cyber Attack

12/2025

Google

ADOSTRGOO178061...

Frame.io

Cyber Attack

11/2025

ADO439304311112...

Adobe

Vulnerability

100

11/2025

ADO1775759555

Frame.io

Vulnerability

9/2025

ADO513205110232...

Frame.io

Vulnerability

6/2025

ADO040230410232...

Adobe

Vulnerability

100

6/2025

MICADO176702095...

Frame.io

Vulnerability

5/2025

ADO189251809092...

Adobe

Breach

100

1/2025

TENMYSTWITENCAN...

Adobe Commerce

Vulnerability

6/2024

Adobe Commerce

ADO009280010232...

Adobe

Vulnerability

1/2024

FORTHEADO177618...

Frame.io

Breach

9/2013

ADO711072925

Adobe

Breach

1/2013

ADOMETYAHATTTRA...

Loading…

A.I.

Frame.io Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for Frame.io

Incidents vs Software Development Industry Avg (This Year)

No incidents recorded for Frame.io in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Frame.io in 2026.

Incident Types Frame.io vs Software Development Industry Avg (This Year)

No incidents recorded for Frame.io in 2026.

Incident History - Frame.io (X = Date, Y = Severity)

Loading…

SUBSIDIARY

Frame.io Subsidiaries

Frame.io

Software Development

Website: https://frame.io

Company Size: 71

AdobeSoftware Development

Adobe Creative CloudSoftware Development

Adobe for BusinessSoftware Development

Adobe ExpressSoftware Development

Content Authenticity InitiativeSoftware Development

Adobe CommerceTechnology, Information and Internet

Adobe AcrobatSoftware Development

Loading…

Frame.io Similar Companies

Xiaomi Technology

cb mi.com

Xiaomi Corporation was founded in April 2010 and listed on the Main Board of the Hong Kong Stock Exchange on July 9, 2018 (1810.HK). Xiaomi is a consumer electronics and smart manufacturing company with smartphones and smart hardware connected by an IoT platform at its core. Embracing our vision of “Make friends with users and be the coolest company in the users’ hearts”, Xiaomi continuously pursues innovations, high-quality user experience and operational efficiency. The company relentlessly builds amazing products with honest prices to let everyone in the world enjoy a better life through innovative technology. Xiaomi is one of the world's leading smartphone companies. The company has also established the world’s leading consumer AIoT (AI+IoT) platform,reached 558 million smart devices connected to its platform (excluding smartphones,laptops and tablets) as of September 30 2022. Xiaomi products are present in more than 100 countries and regions around the world. In August 2022, Xiaomi was included in the Fortune Global 500 list for the fourth year in a row, ranking 266th. The company is the fastest-rising Chinese technology conglomerate during the four-year period. Xiaomi is a constituent of the Hang Seng Index, Hang Seng China Enterprises Index, Hang Seng TECH Index and Hang Seng China 50 Index.

Lazada

lazada.com

About Lazada Group Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the region, Lazada is a part of our consumers’ daily lives in the region and we aim to serve 300 million shoppers by 2030. Since 2016, Lazada is the Southeast Asia flagship platform of the Alibaba Group powered by its cutting-edge technology infrastructure.

Autodesk

autodesk.com

Autodesk is changing how the world is designed and made. Our technology spans architecture, engineering, construction, product design, manufacturing, and media and entertainment. We empower innovators everywhere to solve challenges, big and small. From greener buildings to smarter products and more mesmerizing blockbusters, Autodesk software helps our customers design and make a better world for all. Over 100 million people use Autodesk software, like AutoCAD, Revit, Maya, 3ds Max, Fusion 360, SketchBook, and more, to unlock their creativity and solve important design, business, and environmental challenges. Our software runs on both personal computers and mobile devices. It taps the infinite computing power of the cloud to help teams around the world collaborate, design, simulate, and fabricate their ideas in 3D. We provide exceptional compensation and benefit packages, and we’d love for you to join us. We’re proud to be an equal opportunity employer, and we consider all qualiﬁed applicants without regard to race, gender, disability, veteran status, or other protected category. To see our culture in action, check out #AutodeskLife. We are headquartered in the San Francisco Bay Area and have over 10,000 employees worldwide.

Agoda

careersatagoda.com

At Agoda, we bridge the world through travel. We aim to make it easy and rewarding for more travelers to explore and experience the amazing world we live in. We do so by enabling more people to see the world for less – with our best-value deals across our 6,000,000+ hotels and holiday properties, 130,000+ flight routes, 360,000+ activities, and more. Agoda was founded in 2005 in Thailand by two lifelong friends with a shared passion for travel. Today, Agoda is part of Booking Holdings [BKNG], and we have more than 7,000 employees from 90 nationalities in offices across Asia Pacific, the Middle East, Europe, and the Americas. In every department – from engineering to customer support – you’ll find that data and technology are at the heart of our culture. There’s never a boring day at Agoda as we aim to make travel hassle-free for everyone. If you’re ready to begin your best journey with us and help us build travel for the world, join us. For properties seeking partnership with Agoda, visit https://connect.agoda.com

Wolt

wolt.com

Wolt is a Helsinki-based technology company with a mission to bring joy, simplicity and earnings to the neighborhoods of the world. Wolt develops a local commerce platform that connects people looking to order food, groceries, and other goods with people interested in selling and delivering them. Wolt was founded in 2014 and joined forces with DoorDash (NASDAQ: DASH) in 2022. Together, we operate in more than 30 countries today.

Cisco

cisco.com

Cisco is the worldwide technology leader that is revolutionizing the way organizations connect and protect in the AI era. For more than 40 years, Cisco has securely connected the world. With its industry leading AI-powered solutions and services, Cisco enables its customers, partners and communities to unlock innovation, enhance productivity and strengthen digital resilience. With purpose at its core, Cisco remains committed to creating a more connected and inclusive future for all.

Shopify

cb shopify.com

Shopify is a leading global commerce company, providing trusted tools to start, grow, market, and manage a retail business of any size. Shopify makes commerce better for everyone with a platform and services that are engineered for reliability, while delivering a better shopping experience for consumers everywhere. Shopify powers millions of businesses in more than 175 countries and is trusted by brands such as Allbirds, Gymshark, PepsiCo, Staples, and many more. Find all our jobs here: www.shopify.com/careers

Avaya

cb tinyurl.com

At Avaya, we give our customers the freedom to take their business in the directions that benefit them most. We provide the paths for both customers and their employees where every moment big and small can drive in the moment, memorable experiences. The journey is theirs at the pace that makes sense for them with the innovation without disruption they need now and the solutions they can invest in the future.

GoTo Group

cb gotocompany.com

GoTo is the largest technology group in Indonesia, combining on-demand and financial services through the Gojek and GoTo Financial brands. It is the first platform in Southeast Asia to host these two essential use cases in one ecosystem, capturing a majority of Indonesian consumer household expenditure. GoTo’s mission is to “Empower Progress” by offering an unparalleled selection of goods and services through a comprehensive merchant and partner network and promoting financial inclusion through its leading payments and financial services business.

Loading…

NEWS

Frame.io CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

February 20, 2026 08:00 AM

Corsair's new "Vault" series FRAME 4000D cases have color-shifting paintjobs — Priced at $140, these limited-edition towers also feature upgraded front panel I/O

Corsair has just refreshed its FRAME 4000D lineup of cases with two new colors as part of its limited-edition "Vault" series.

Read Article

May 13, 2025 07:00 AM

New Ways to Frame Responsible Cyber Behaviour Beyond the UN

Understanding responsible cyber behaviour requires consideration of cultural values, regional alliances and domestic factors.

Read Article

March 18, 2025 07:00 AM

Attack time frames are shrinking rapidly. Here’s how cyber teams can cope

With attackers spending far less time hidden in systems, organizations must break down security silos and increase cross-tool integration to...

Read Article

March 06, 2025 08:00 AM

7 Cybersecurity Frameworks to Reduce Cyber Risk in 2025

Learn more about the top 7 cybersecurity frameworks that can help reduce cyber risk. These frameworks show that you're adhering to IT...

Read Article

February 19, 2025 08:00 AM

Proximus NXT Secures €100M Federal Cybersecurity Contract

Proximus NXT has secured a major new frame contract to provide managed cybersecurity services to several Belgian Federal Public Services (FPS) and other...

Read Article

October 14, 2024 07:00 AM

Frame.io V4 Is Open for Everyone

Adobe now offers Frame.io V4 for both free and paid customers. The collaborative video and photo platform has been completely overhauled in...

Read Article

January 16, 2024 08:00 AM

Framework Hacked - Hackers Compromised The Network Using Phishing Email

Framework's primary external accounting partner, Keating Consulting, discovered at 8:13 am PST on January 11th, 2024, that the network of Frame Work had been...

Read Article

December 20, 2023 08:00 AM

Identify cybersecurity anomalies in your Amazon Security Lake data using Amazon SageMaker

In this post, you learn how to prepare data sourced from Amazon Security Lake, and then train and deploy an ML model using an IP Insights algorithm in...

Read Article

February 18, 2023 08:00 AM

SignalFire Closes Over $900 Million And Launches XIR Program

SignalFire announced it closed over $900 million and they have launched an XIR program. These are the details.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-53430

SUMMARY

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines 'Elixir.GRPC.Compressor.Gzip':decompress/1, 'Elixir.GRPC.Message':from_data/2. 'Elixir.GRPC.Compressor.Gzip':decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node's heap and trigger an out-of-memory kill. This issue affects grpc: from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48854

SUMMARY

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node. This issue affects grpc from 0.3.1 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 8.7

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48853

SUMMARY

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server. 'Elixir.GRPC.Codec.Erlpack':decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process. This issue affects grpc from 0.4.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 9.2

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-48723

SUMMARY

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-48599

SUMMARY

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In 'Elixir.GRPC.Server.Transcode':map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed. This issue affects grpc from 0.8.0 before 1.0.0.

Published

Date2026-06-15

Updated

Date2026-06-15

RISK INFORMATION (Score: )

cvss4

Base Score: 7.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…