github.com/pomerium/pomerium vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2024-47616Highgithub.com/pomerium/pomerium: Pomerium service account access token may grant unintended access to databroker APICVE-2022-24797Mediumgithub.com/pomerium/pomerium: Exposure of debug and metrics endpoints in PomeriumCVE-2024-39315Mediumgithub.com/pomerium/pomerium: Pomerium exposed OAuth2 access and ID tokens in user info endpoint responseCVE-2023-33189Criticalgithub.com/pomerium/pomerium: Pomerium vulnerable to Incorrect Authorization with specially crafted requestsGHSA-J34V-3552-5R7JMediumgithub.com/pomerium/pomerium: Multiple security issues in Pomerium's embedded envoyCVE-2021-41230Mediumgithub.com/pomerium/pomerium: OIDC claims not updated from Identity Provider in PomeriumCVE-2021-39206Highgithub.com/pomerium/pomerium: Incorrect Authorization with specially crafted requestsCVE-2021-39204Highgithub.com/pomerium/pomerium: Excessive CPU usageCVE-2021-39162Highgithub.com/pomerium/pomerium: Incorrect handling of H2 GOAWAY + SETTINGS framesCVE-2021-29651Mediumgithub.com/pomerium/pomerium: JWT leak via Open Redirect in Programmatic accessCVE-2021-29652Mediumgithub.com/pomerium/pomerium: pomerium_signature is not verified in middleware in github.com/pomerium/pomerium

Stop the waste.
Protect your environment with Kodem.