CRITICAL
GHSA-99j7-fhr2-xfj4
`exploration` was removed from crates.io for malicious code
Details
A method within the `exploration` crate attempted to download and execute a payload from a remote site.
The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io.
Rustsec to Kirill Boychenko from the [Socket Threat Research Team](https://socket.dev/) for reporting this crate.
Are you affected?
Enter the version of the package you're using.
Affected packages
crates.io / exploration
Introduced in:
0 No fixed version published yet for exploration. Pin to a known-safe version or switch to an alternative.