GHSA-99j7-fhr2-xfj4: `exploration` was removed from crates.io for malicious code
Summary
A malicious Rust package called `exploration` was removed from crates.io (a repository where developers share reusable code libraries) after it was discovered to contain code that downloaded and executed files from a remote server without authorization. The package was live for only about an hour before being removed, and there was no evidence that anyone actually used it.
Classification
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-99j7-fhr2-xfj4
First tracked: July 10, 2026 at 08:01 PM
Classified by LLM (prompt v3) · confidence: 75%