MCPSafe
Registry/MCP Server Postgres (Deprecated)

MCP Server Postgres (Deprecated)

v0.0.2
Verified

PostgreSQL database access for MCP. DEPRECATED: SQL injection vulnerability in query builder. Use @modelcontextprotocol/server-postgres instead.

By CommunityMIT
typescript
database
890stars
28.0Kdownloads
120forks
Scanned Jun 26, 2026
WebsiteRepositoryNPM
postgressqldatabasevulnerable
A+100%
Scanned 5h ago

Excellent Security

Vulnerabilities Found
0Crit
0High
0Med
0Low
0Info

Security ScoreA+

100
out of 100

Vulnerabilities Found

0
Crit
0
High
0
Medi
0
Low
0
Info
Last scanned: 6/26/2026

Quality ScoreF

40
out of 100
40
Maint.
38
Popular
45
Docs
43
Compat
Maintenance40%
Popularity38%
Documentation45%
Compatibility43%

Maintenance40

Recent
9 days ago
Commit Frequency34%
Release Frequency41%
Issue Response41%

Popularity38

890
Stars
28.0K
Downloads
120
Forks
Stars Score54%
Downloads Score64%
Forks Score56%

Documentation45

README Quality83%

Available Documentation

API DocsExamplesChangelog

Compatibility43

MCP Spec Compliance45%
Transport Support50%

Features

TypeScript

Supported Transports

STDIO

Vulnerabilities(0)

No security vulnerabilities detected. This server has a clean security record.

READMEMCP Server Postgres (Deprecated)

View source

MCP Server Postgres

⚠️ DEPRECATED - SECURITY VULNERABILITY ⚠️

This package has been deprecated due to a SQL injection vulnerability.

Vulnerability

The dynamic query builder does not properly sanitize user input, allowing SQL injection attacks when AI assistants construct queries based on user requests.

Example Attack

A prompt like "Show me users where name is 'x'; DROP TABLE users;--" could result in data loss.

Migration

Migrate to @modelcontextprotocol/server-postgres which uses parameterized queries.

Timeline

  • v0.2.0: Vulnerability discovered
  • v0.2.1: Attempted fix (incomplete)
  • Deprecated: Recommended migration to official package

Embed Security Badge

Add this badge to your README or documentation

MCP Server Postgres (Deprecated) MCPSafe Security
[![MCP Server Postgres (Deprecated) MCPSafe Security](https://api.mcpsafe.org
/api/badge/mcp-server-postgres-deprecated.svg)](https://mcpsafe.org/registry/mcp-server-postgres-deprecated)
Need more customization options?Badge Documentation

Server Information

Source
NPM
Package
mcp-server-postgres
Version
0.0.2
Language
typescript
License
MIT
Transport
STDIO
Added
Jan 20, 2026
Updated
Jun 26, 2026

Actions

Compare with other serversRequest rescan