Mcp Memory Service

Open-source persistent memory for AI agent pipelines (LangGraph, CrewAI, AutoGen) and Claude. REST API + knowledge graph + autonomous consolidation.

CommunityActiveNot testedUpdated 4/3/2026

★ 1.6kPyPI

Edit this page

MCPpedia
Score

No CVEsActive2 toolsstdioremoteApache-2.0

How we score →

Should you use this server?

Open-source persistent memory for AI agent pipelines (LangGraph, CrewAI, AutoGen) and Claude. REST API + knowledge graph + autonomous consolidation.

✓

Is it safe?

No known CVEs for mcp-memory-service. 2 previously resolved.

No authentication — any process on your machine can connect to this server.

Apache-2.0. View license →

Last scanned 0 days ago.

✓

Is it maintained?

Last commit 0 days ago. 1,594 GitHub stars.

Will it work with my client?

Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

How much context will it use?

2 tools. Estimated ~200 tokens of your context window (0.1% of 200K).

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx mcp-memory-service 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Tools (2)

store_memory

Store a memory with optional tags and agent ID

search_memories

Search stored memories by query and optional tags

Score Breakdown

MCPpedia Score

Click each category to see evidence

91A

Scored just now

How we score →

Security

30/30

Last scanned just now

No open vulnerabilities. 2 fixed CVEs.

✓

CVEs — 2 fixed CVEs — update to 10.25.1+check OSV.dev \u2192

○

Authentication — None required — easy to connect

✓

License — Apache-2.0view license \u2192

✓

Repository — Activeview repo \u2192

✗

MCPpedia review — Not yet reviewed by MCPpedia

Advisories (0 open, 2 fixed)

lowCVSS 3.1CVE-2026-33010Fixed

mcp-memory-service's Wildcard CORS with Credentials Enables Cross-Origin Memory Theft

### Summary When the HTTP server is enabled (`MCP_HTTP_ENABLED=true`), the application configures FastAPI's CORSMiddleware with `allow_origins=['*']`, `allow_credentials=True`, `allow_methods=["*"]`, and `allow_headers=["*"]`. The wildcard `Access-Control-Allow-Origin: *` header permits any website to read API responses cross-origin. When combined with anonymous access (`MCP_ALLOW_ANONYMOUS_ACCESS=true`) - the simplest way to get the HTTP dashboard working without OAuth - no credentials are need

Fixed in 10.25.1Published Mar 7, 2026source \u2192

lowCVSS 3.1CVE-2026-29787Fixed

mcp-memory-service Vulnerable to System Information Disclosure via Health Endpoint

### Summary The `/api/health/detailed` endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When `MCP_ALLOW_ANONYMOUS_ACCESS=true` is set (required for the HTTP server to function without OAuth/API key), this endpoint is accessible without authentication. Combined with the default `0.0.0.0` binding, this exposes sensitive reconnaissance data to the entire network. ### Details ### Vulnerabl

Fixed in 10.21.0Published Mar 5, 2026source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Embed this score in your READMEPreview badge

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-memory-service)](https://mcppedia.org/s/mcp-memory-service)