Atlassian SourceTree Client version 2.5c and prior contain a client URL handler command injection vulnerability that allows attackers to execute specially crafted sourcetree:// commands with arbitrary arguments on multiple platforms.
76ccd1c3da69210c907e6ae1b6d727a681548009bf247047b3899781e363f05a
Airmail versions 3.0.2 and below suffer from a cross site scripting vulnerability.
e837c607d6a7d9ebf722d675a20cd3638b87cf0db5ed41e550b667a54bd2dd95