{"id":"RUSTSEC-2026-0030","summary":"`time_calibrator` was removed from crates.io due to malicious code","details":"It was reported `time_calibrator` contained malicious code, that would try to\nupload `.env` files to a server.\n\nThe malicious crate had only 1 version published at 2026-02-28 and no evidence\nof actual usage. The crate was removed from crates.io and the user account was\nlocked. There were no crates depending on this crate on crates.io.\n\nThanks to Gabriel Silva for finding and reporting this to the Rust security response\nworking group, and thanks to Emily Albini for co-ordinating with the crates.io and\ninfra-admin teams.","aliases":["GHSA-77xj-rrh3-wx3v"],"modified":"2026-03-17T22:45:08.544063Z","published":"2026-03-03T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/time_calibrator"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2026-0030.html"}],"affected":[{"package":{"name":"time_calibrator","ecosystem":"crates.io","purl":"pkg:cargo/time_calibrator"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2026-0030.json","cvss":null,"categories":["malicious"],"informational":null}}],"schema_version":"1.7.5"}