4 matches found
EUVD-2025-29621
Malicious code in bioql PyPI...
GHSA-65HM-PWJ5-73PW @executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode
The MCP Server provided by ExecuteAutomation at https://github.com/executeautomation/mcp-database-server provides an MCP interface for agentic workflows to interact with different kinds of database servers, such as PostgreSQL. However, the mcp-database-server MCP Server distributed via th...
CVE-2025-59333 @executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode
The mcp-database-server MCP Server 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm distribution; other distributions are not...
PT-2025-37998
Name of the Vulnerable Software and Affected Versions: mcp-database-server MCP Server versions 1.1.0 and earlier
Description: The mcp-database-server MCP Server distributed via the npm package @executeautomation/database-server does not implement adequate security controls to enforce read-only...