I made a beautiful graphviz editor! (Feedback needed)

I agree with Mark (I would seriously question the expertise of anyone who claims a computer-based system is “100% secure”), but from a quick look at the back end it appears to run the server inside Docker. So for a useful exploit, presumably you would have to chain a Graphviz bug with a container escape. So it’s more than script-kiddie level hacking.

Having said that, I would assume such a thing is possible. From the issues filed by Google Autofuzz that Mark linked, I expect most can be leveraged into RCE. At a guess, I would say it would take a motivated attacker only a few days to come up with something usable.


In the past, I’ve pondered whether we should ship a sandboxing tool with Graphviz. OS sandboxing mechanisms have reached a level of maturity on all the platforms we support that this would not be complex to implement. But I’ve shied away from this for threat modeling reasons. If you don’t trust a binary your vendor is shipping you, why would you trust the sandboxer they ship you? There’s a bit of nuance here (we’re trying to defend against malicious input, not an actively malicious binary), but I still think it’s wiser to depend on a third-party sandboxer with a more paranoid mindset (e.g. Bubblewrap). Ubuntu Snaps kind of have the right idea and macOS is moving in this direction, but decades of users expecting promiscuous file system access from their programs is making rolling this stuff out a bit of a tightrope-walk.
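The third-party sandboxer route mentioned above (Bubblewrap) is concrete enough to show. Below is an added example, not Graphviz's own tooling and not code from the poster: a small POSIX shell wrapper that renders an untrusted `.dot` file with `dot` inside a `bwrap` sandbox that has no network, no capabilities, a read-only `/usr`, and a view of exactly one input file and one output directory. It assumes `bwrap` is installed and allowed to create user namespaces, that `dot`, its libraries and plugins live under `/usr`, that fonts are configured under `/etc/fonts`, and that GNU `timeout` is available (the 30-second bound guards against layouts that never finish); bind paths vary by distribution and are the part to adjust.

```shell
#!/bin/sh
# Added example (illustrative, not part of the Graphviz project): run
# `dot` on untrusted input inside a Bubblewrap sandbox.
#
# Policy, group by group:
#   --unshare-all      fresh user/pid/net/ipc/uts namespaces: no network
#   --die-with-parent  the render dies with the wrapper
#   --new-session      no controlling terminal for the sandboxed process
#   --cap-drop ALL     no capabilities even inside the user namespace
#   --ro-bind /usr     Graphviz binary, libraries and plugins, read-only
#   --symlink ...      usual merged-/usr links so the loader finds libs
#   --ro-bind-try      optional host files; skipped silently if absent
#   --proc/--dev/--tmpfs  minimal private /proc, /dev and /tmp
#   --ro-bind input    only the one input file is visible, read-only
#   --bind out_dir     the only writable host location
#
# Assumed host layout: /usr holds dot and its plugins, /etc/fonts holds
# fontconfig, GNU timeout is on PATH.

# Build the argv for one render, then hand it to the action named in $4
# ("print_args" to inspect the policy, "run_args" to execute it).
sandbox_argv() {
  in_file=$1 out_dir=$2 out_name=$3 action=$4
  set -- bwrap \
    --unshare-all \
    --die-with-parent \
    --new-session \
    --cap-drop ALL \
    --ro-bind /usr /usr \
    --symlink usr/lib /lib \
    --symlink usr/lib64 /lib64 \
    --symlink usr/bin /bin \
    --ro-bind-try /etc/fonts /etc/fonts \
    --ro-bind-try /etc/ld.so.cache /etc/ld.so.cache \
    --proc /proc \
    --dev /dev \
    --tmpfs /tmp \
    --ro-bind "$in_file" /tmp/in.dot \
    --bind "$out_dir" /out \
    --chdir /tmp \
    -- timeout 30 dot -Tsvg /tmp/in.dot -o "/out/$out_name"
  "$action" "$@"
}

# Print one argument per line so the policy can be reviewed without running it.
print_args() { printf '%s\n' "$@"; }

# Execute the argv as given.
run_args() { "$@"; }

# Review helper: sandbox_policy IN OUT_DIR OUT_NAME
sandbox_policy() { sandbox_argv "$1" "$2" "$3" print_args; }

# Render helper: render_sandboxed IN OUT_DIR OUT_NAME
# Fails early if bwrap is missing, the input is not a regular file, or the
# output directory does not exist; otherwise returns dot's exit status.
render_sandboxed() {
  command -v bwrap >/dev/null 2>&1 || { echo "bwrap not installed" >&2; return 127; }
  [ -f "$1" ] || { echo "input is not a regular file: $1" >&2; return 2; }
  [ -d "$2" ] || { echo "no such output directory: $2" >&2; return 2; }
  sandbox_argv "$1" "$2" "$3" run_args
}

# Usage from a script:  render_sandboxed untrusted.dot ./out graph.svg
```

Two caveats worth keeping in mind: `bwrap` needs either unprivileged user namespaces enabled or a setuid install, so the wrapper will fail rather than silently run unsandboxed on hosts where neither holds; and `--ro-bind /usr` still exposes everything under `/usr` read-only, which is the usual trade-off for getting the dynamic loader and Graphviz plugins to work without enumerating every file. This is the desktop analogue of the Docker layer noted at the top of the reply: a Graphviz memory-safety bug on its own then yields a process with no network, no writable filesystem beyond the output directory, and no capabilities, and a useful exploit would additionally need a namespace or kernel escape.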