{"id":"RUSTSEC-2025-0154","summary":"`replit_ruspty` was removed from crates.io for malicious code","details":"The OpenSSF Package Analysis project identified 'replit_ruspty' @ 1.0.0 (crates.io) as malicious. Version 2.0.0 was also published with malware.\n\nIt is considered malicious because: The package communicates with a domain associated with malicious activity. The package executes one or more commands associated with malicious behavior.\n\nThis advisory is to retrospectively document this attack. The download records of the malicious crate are no longer available. The related malicious crates have been deleted.","aliases":["MAL-2025-49350"],"modified":"2026-03-25T08:45:05.193114Z","published":"2025-11-04T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/replit_ruspty"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0154.html"},{"type":"WEB","url":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/crates.io/replit_ruspty/MAL-2025-49350.json"}],"affected":[{"package":{"name":"replit_ruspty","ecosystem":"crates.io","purl":"pkg:cargo/replit_ruspty"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affected_functions":null,"affects":{"os":[],"functions":[],"arch":[]}},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0154.json","informational":null,"categories":["malicious"],"cvss":null}}],"schema_version":"1.7.5"}