```toml [advisory] id = "RUSTSEC-2026-0155" package = "exploration" date = "2026-06-02" expect-deleted = true categories = ["malicious"] aliases = ["GHSA-99j7-fhr2-xfj4"] [versions] patched = [] ``` # `exploration` was removed from crates.io for malicious code A method within the `exploration` crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill Boychenko from the [Socket Threat Research Team](https://socket.dev/) for reporting this crate.