Registry/Salesforce MCP (SOQL Injection)

Salesforce MCP (SOQL Injection)

v0.2.3

Verified

Salesforce CRM integration. WARNING: SOQL injection vulnerability in query builder.

By CommunityMIT

typescript

web services

920stars

24.0Kdownloads

125forks

Scanned Feb 8, 2026

Website NPM

salesforce crm soql-injection

D30%

Scanned 3w ago

Poor Security

Vulnerabilities Found

2Crit

3High

3Med

3Low

4Info

Security ScoreD

out of 100

Vulnerabilities Found

Crit

High

Medi

Low

Info

Last scanned: 2/8/2026

Quality ScoreF

out of 100

Maint.

Popular

Docs

Compat

Maintenance45%

Popularity42%

Documentation45%

Compatibility48%

Maintenance45

Active

6 days ago

Commit Frequency41%

Release Frequency36%

Issue Response44%

Popularity42

920

Stars

24.0K

Downloads

125

Forks

Stars Score54%

Downloads Score62%

Forks Score56%

Documentation45

README Quality78%

Available Documentation

API DocsExamplesChangelog

Compatibility48

MCP Spec Compliance50%

Transport Support50%

Features

TypeScript

Supported Transports

STDIO

Vulnerabilities(15)

2Critical

3High

3Medium

3Low

4Info

Filter:

READMESalesforce MCP (SOQL Injection)

Salesforce MCP

⚠️ SOQL INJECTION VULNERABILITY ⚠️

Issue

Query construction does not sanitize user input, allowing SOQL injection attacks.

Example

Input: x' OR Id != ''

Query becomes: SELECT Id FROM Account WHERE Name = 'x' OR Id != ''

Impact

Access to unauthorized records
Data exfiltration
Business logic bypass

Mitigation

Use parameterized queries with Salesforce Apex binding variables.

Embed Security Badge

Add this badge to your README or documentation

Badge Type

Style

[![Salesforce MCP (SOQL Injection) MCPSafe Security](https://api.mcpsafe.org
/api/badge/salesforce-mcp-soql-injection.svg)](https://mcpsafe.org/registry/salesforce-mcp-soql-injection)

Need more customization options?Badge Documentation

Server Information

Source: NPM
Package: salesforce-mcp
Version: 0.2.3
Language: typescript
License: MIT
Transport: STDIO
Added: Jan 20, 2026
Updated: Feb 8, 2026

Actions

Compare with other servers Request rescan

Salesforce MCP (SOQL Injection)

Security ScoreD

Vulnerabilities Found

Quality ScoreF

Maintenance45

Popularity42

Documentation45

Available Documentation

Compatibility48

Features

Supported Transports

Vulnerabilities(15)

Remote Code Execution via eval()

SQL Injection in Query Builder

Path Traversal Vulnerability

Hardcoded API Credentials

Prototype Pollution

Insecure Random Number Generation

Missing Input Validation in MCP Tool

Excessive Permission Request

Missing Rate Limiting

Verbose Error Messages

Outdated Dependency

Missing Security Headers

Console Logging in Production

Missing TypeScript Strict Mode

Missing Documentation

READMESalesforce MCP (SOQL Injection)

Salesforce MCP

Issue

Example

Impact

Mitigation

Embed Security Badge

Server Information

Actions