Every CVE whose affected-product data names Atlassian Sourcetree, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2017-8768 — CVSS 9.8 (critical): Atlassian SourceTree v2.5c and prior are affected by a command injection in the handling of the sourcetree:// scheme. It will lead to…
CVE-2018-13385 — CVSS 9.8 (critical): There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission…
CVE-2017-14592 — CVSS 8.8 (high): Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission…
CVE-2017-14593 — CVSS 8.8 (high): Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with…
CVE-2018-5226 — CVSS 8.8 (high): There was an argument injection vulnerability in Sourcetree for Windows via Mercurial repository tag name that is going to be deleted. An…
CVE-2019-11582 — CVSS 8.8 (high): An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote…
CVE-2024-21697 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for…
CVE-2018-13396 — CVSS 8.8 (high): There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in…
CVE-2018-13397 — CVSS 8.8 (high): There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories…
CVE-2018-20234 — CVSS 8.8 (high): There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in…
CVE-2018-20235 — CVSS 8.8 (high): There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in…
CVE-2018-20236 — CVSS 8.8 (high): There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote…
CVE-2018-13386 — CVSS 8.1 (high): There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with…
CVE-2023-22514 — CVSS 7.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.14 of Sourcetree for Mac and Sourcetree for…
CVE-2025-22165 — CVSS 7.3 (high): This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE…