`exploration` was removed from crates.io for malicious code
Critical severity
GitHub Reviewed
Published
Jul 10, 2026
to the GitHub Advisory Database
Description
Published to the GitHub Advisory Database
Jul 10, 2026
Reviewed
Jul 10, 2026
A method within the
explorationcrate attempted to download and execute a payload from a remote site.The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io.
Rustsec to Kirill Boychenko from the Socket Threat Research Team for reporting this crate.
References