Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at /.pomerium) uni

Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be

Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and p

Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial lo

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, contains two authorization related vuln

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, incorrectly handles resetting of HTTP/2

Pomerium is an open source identity-aware access proxy. Envoy, which Pomerium is based on, can abnormally terminate if an H/2 GOAW

Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process

Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2).