MCP PostgreSQL Server
Reference MCP server that exposes a Postgres database as a query surface. Read-only by default — but worth flagging that early versions had a SQL-injection class issue where the read-only wrapper could be bypassed by stacking statements. Production deployments should pin a current version and run with a least-privilege role on top of any wrapper guarantees.
Overview
Reference MCP server that exposes a Postgres database as a query surface. Read-only by default — but worth flagging that early versions had a SQL-injection class issue where the read-only wrapper could be bypassed by stacking statements. Production deployments should pin a current version and run with a least-privilege role on top of any wrapper guarantees.
Stack & relationships
How MCP PostgreSQL Server relates to other entries in the catalog — recommended pairings, alternatives, dependencies, and edges to avoid. Each edge carries a one-line operator note from our editorial team.
Avoid pairing with
- Works poorly withModel Context Protocol (MCP)
Older Postgres MCP versions had a statement-stacking SQL injection that bypassed the read-only wrapper. Pin a current version AND run with a least-privilege DB role.
Pros
- Drop-in Postgres exposure for any MCP client
- Schema introspection out of the box
- Read-only mode the default
Cons
- Historic statement-stacking SQLi escape — pin to current versions
- Defense-in-depth requires a least-privilege DB role on top of the wrapper
- Long-running queries can saturate the client side
Compatibility
| Operating systems | macOS Linux Windows |
| GPU backends | n/a |
| License | Open source · free (OSS, MIT) |
Get MCP PostgreSQL Server
Frequently asked
Is MCP PostgreSQL Server free?
What operating systems does MCP PostgreSQL Server support?
Which GPUs work with MCP PostgreSQL Server?
Reviewed by RunLocalAI Editorial. See our editorial policy for how we evaluate tools.