MCP PostgreSQL Server
Reference MCP server that exposes a Postgres database as a query surface. Read-only by default — but worth flagging that early versions had a SQL-injection class issue where the read-only wrapper could be bypassed by stacking statements. Production deployments should pin a current version and run with a least-privilege role on top of any wrapper guarantees.
Overview
Reference MCP server that exposes a Postgres database as a query surface. Read-only by default — but worth flagging that early versions had a SQL-injection class issue where the read-only wrapper could be bypassed by stacking statements. Production deployments should pin a current version and run with a least-privilege role on top of any wrapper guarantees.
Stack & relationships
How MCP PostgreSQL Server relates to other entries in the catalog — recommended pairings, alternatives, dependencies, and edges to avoid. Each edge carries a one-line operator note from our editorial team.
Works with
- Integrates withOpenHands
Postgres MCP exposes structured-knowledge memory to OpenHands. The /stacks/memory-enabled-agent recipe wires this path.
Avoid pairing with
- Works poorly withModel Context Protocol (MCP)
Older Postgres MCP versions had a statement-stacking SQL injection that bypassed the read-only wrapper. Pin a current version AND run with a least-privilege DB role.
Featured in this stack
The L3 execution stacks that pick this tool as a recommended component, with the one-line note explaining the role it plays in each.
- Stack · L3·Workstation tier·Role: MCP postgres (structured-knowledge memory)Build a memory-enabled local agent stack (May 2026)
Postgres MCP exposes a structured-knowledge database to the agent — complements vector-based memory (Mem0) by holding facts that need exact lookup. Pin to the current version and run with a least-privilege role; older versions had a SQL-injection escape on the read-only wrapper.
Pros
- Drop-in Postgres exposure for any MCP client
- Schema introspection out of the box
- Read-only mode the default
Cons
- Historic statement-stacking SQLi escape — pin to current versions
- Defense-in-depth requires a least-privilege DB role on top of the wrapper
- Long-running queries can saturate the client side
Compatibility
| Operating systems | macOS Linux Windows |
| GPU backends | n/a |
| License | Open source · free (OSS, MIT) |
Runtime health
Operator-grade signals on how actively MCP PostgreSQL Server is being maintained, how fresh its measurements are, and what failure classes operators have flagged. Every label below is anchored to a real date or count — we never infer maintainer activity we can't show.
Release cadence
Derived from the most recent editorial signal on this row.
8 days since last refresh · source: lastUpdated
Benchmark freshness
How recent the editorial measurements on this runtime are.
No editorial benchmarks for this runtime yet.
Community reproduction
Submissions that match an editorial measurement on similar hardware.
No community reproductions on file yet.
Get MCP PostgreSQL Server
Frequently asked
Is MCP PostgreSQL Server free?
What operating systems does MCP PostgreSQL Server support?
Does MCP PostgreSQL Server need a GPU?
Reviewed by RunLocalAI Editorial. See our editorial policy for how we evaluate tools.
Related — keep moving
Verify MCP PostgreSQL Server runs on your specific hardware before committing money.