mcp-postgres-wrapper
by ShakibaMirbagheri
Overview
Provides PostgreSQL database access for AI agents and chat applications via the Model Context Protocol (MCP).
Installation
docker compose up -d
Environment Variables
- POSTGRES_HOST
- POSTGRES_PORT
- POSTGRES_DB
- POSTGRES_USER
- POSTGRES_PASSWORD
Security Notes
CRITICAL SQL INJECTION VULNERABILITY: The server directly concatenates user-provided input (e.g., `table_name` and the `query` itself) into SQL statements using f-strings, without proper sanitization or parameterized queries. This allows an attacker to execute arbitrary SQL commands by manipulating the input arguments to tools like `postgres_describe_table` or `postgres_query`. Additionally, default PostgreSQL credentials are provided as fallback values for the environment variables, which could be a risk if they are not overridden.
Similar Servers
enhanced-postgres-mcp-server
This server acts as a Model Context Protocol interface for PostgreSQL, enabling LLMs to query data, modify records, and manage database schema objects with read and write capabilities.
dx-mcp-server
Empowers AI applications to interact with and query a user-provided Postgres database via the Model Context Protocol (MCP).
mcp-postgres
Provides a read-only Model Context Protocol (MCP) server for AI tools (like Claude Code, Cursor) to query a PostgreSQL database directly.
postgresql-mcp
Enabling AI agents to programmatically interact with PostgreSQL databases through a rich set of specialized tools and a sandboxed code execution environment.