← All tools

@benborla29/mcp-server-mysql

MCP

MCP server for interacting with MySQL databases with write operations support

v2.0.8 MIT Tested 8 Feb 2026
3.0
Security gate triggered — critical vulnerabilities found. Overall score capped at 3.0.

Dimension scores

Security 3.0
Reliability 6.0
Agent usability 7.0
Compatibility 8.0
Code health 7.0

Compatibility

Framework Status Notes
Claude Code
OpenAI Agents SDK ~ Only supports stdio transport by default - OpenAI SDK prefers SSE, Would need SSE transport configuration for optimal OpenAI integration
LangChain Tool response format (nested content array) may need adapter for clean LangChain integration

Security findings

CRITICAL

SQL injection vulnerability in executeQuery

src/db/index.ts:54 - executeQuery accepts raw SQL with params array but doesn't validate input. Multiple callers pass unsanitized user input directly to connection.query(sql, params). No input validation on sql parameter before execution.

CRITICAL

Hardcoded credentials in repository

.env file committed with credentials: MYSQL_PASS='my_secure_password', MYSQL_USER='root'. .env.test contains actual test credentials. Both files are tracked in repo (1309 and 1285 bytes respectively).

CRITICAL

Command injection via MYSQL_CONNECTION_STRING

src/utils/index.ts:68-157 parseMySQLConnectionString() parses raw connection strings without validation. Accepts arbitrary mysql command-line arguments. No sanitization of socketPath, host, or other parameters before use in mysql2.createPool().

HIGH

Insufficient path traversal protection

src/utils/index.ts:129 - socketPath can be set via connection string or env var with no validation. Could reference arbitrary filesystem paths: config.socketPath = value (no path sanitization, no chroot checks).

HIGH

Multi-statement execution enabled by default

src/config/index.ts and scripts/setup-test-db.ts - multipleStatements: true in connection config. Allows SQL injection to execute multiple queries in single call, escalating impact of any injection vulnerability.

HIGH

Permission bypass in multi-DB mode

src/db/permissions.ts and src/db/utils.ts - extractSchemaFromQuery() uses regex to parse schema names. Can be bypassed with crafted queries using comments or alternate syntax. isInsertAllowedForSchema() returns global default if schema extraction fails.

MEDIUM

Verbose error messages leak system information

MEDIUM

No rate limiting or query complexity checks

MEDIUM

Weak password handling

Reliability

Success rate

72%

Calls made

100

Avg latency

150ms

P95 latency

350ms

Failure modes

  • SQL parsing failures with complex queries or non-standard syntax may crash without graceful fallback
  • Connection pool exhaustion under high load - queueLimit=100 may be insufficient, leading to rejected connections
  • No timeout protection on individual queries - long-running queries can block resources indefinitely
  • Multi-DB mode safety checks incomplete - MULTI_DB_WRITE_MODE bypass exists but permissions may not cascade correctly
  • Transaction rollback on read-only queries always happens but commit/rollback errors not fully handled
  • Schema extraction via regex is brittle - complex queries with subqueries, CTEs, or nested schema.table references may fail
  • Environment variable parsing errors (port validation, missing values) can cause startup crashes rather than graceful degradation
  • Connection string parsing has edge cases with special characters in passwords or unusual flag combinations
  • No circuit breaker pattern - repeated DB failures will continue attempting connections
  • Error messages sometimes leak implementation details (stack traces, internal state) rather than sanitized user-facing errors

Code health

License

MIT

Has tests

Yes

Has CI

No

Dependencies

30

Active project with good documentation and test coverage. TypeScript with type checking configured. Has comprehensive test suite (unit, integration, e2e tests). Well-documented with README, CHANGELOG, setup guides, and license. Published to npm (@benborla29/mcp-server-mysql v2.0.8). Has lockfiles (npm and pnpm). Missing CI/CD configuration (no GitHub Actions or other CI). ESLint configured. Dependencies include mysql2, dotenv, node-sql-parser, and MCP SDK. Cannot verify git activity metrics (last commit, contributor count, issues/PRs) without repository access. Code structure shows mature patterns with proper error handling, permissions system, multi-database support, and transaction management. Test files cover multiple scenarios including schema permissions, multi-db mode, socket connections, and write operations.

View source on GitHub →