NeuronDB

The C-based PostgreSQL extension code (`NeuronDB/src/search/sparse_search.c`, `hybrid_search.c`, `semantic_keyword_search.c`, `multi_vector_search.c`, `faceted_vector_search.c`, `temporal_vector_search.c`, `diverse_vector_search.c`) constructs SQL queries by directly concatenating user-provided table and column names (`tbl_str`, `col_str`, `facet_str`, `ts_str`) into the query string using `%s` in `appendStringInfo`. This is a classic SQL injection vulnerability, as malicious input in these parameters could alter the SQL query. For instance, a user could supply a table name like `mytable; DROP TABLE important_data;` leading to data loss or unauthorized access. While the Node.js/TypeScript layer of NeuronMCP generally uses parameterized queries and `escapeIdentifier` for dynamic SQL, the underlying C extension functions contain this critical flaw. The `PluginManager` allows loading external plugins, which could be a risk if not sourced from trusted origins.