VDB
KO
CRITICAL

GHSA-99j7-fhr2-xfj4

`exploration` was removed from crates.io for malicious code

Details

A method within the `exploration` crate attempted to download and execute a payload from a remote site.

The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io.

Rustsec to Kirill Boychenko from the [Socket Threat Research Team](https://socket.dev/) for reporting this crate.

Are you affected?

Enter the version of the package you're using.

Affected packages

crates.io / exploration
Introduced in: 0

No fixed version published yet for exploration. Pin to a known-safe version or switch to an alternative.

References