GHSA-qprh-m6p3-hwxc: `sui-execution-cut` was removed from crates.io for malicious code

May 4, 2026

sui-execution-cut included a build script that attempted to exfiltrate data from the build machine.

The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io.

References

github.com/MystenLabs/sui
github.com/advisories/GHSA-qprh-m6p3-hwxc
rustsec.org/advisories/RUSTSEC-2026-0108.html

Code Behaviors & Features

Detect and mitigate GHSA-qprh-m6p3-hwxc with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →