Is Mcp Odbc Server safe to use?

Mcp Odbc Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mcp Odbc Server?

Mcp Odbc Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Mcp Odbc Server do?

Mcp Odbc Server provides 10 tools: get_schemas, get_tables, describe_table, filter_table_names, query_database and 5 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Mcp Odbc Server?

Mcp Odbc Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is Mcp Odbc Server actively maintained?

Mcp Odbc Server is less actively maintained — last commit was 310 days ago. It has 12 GitHub stars.

Mcp Odbc Server

Name: Mcp Odbc Server
Author: OpenLinkSoftware

@modelcontextprotocol/sdk · by OpenLinkSoftware

Typescript based Model Context Procotol (MCP) Server for Open Database Connectivity (ODBC)

12 35.8M/wk 10 tools GitHub npm

No known CVEs

MIT license

Stale

Last commit 310d ago

Works with most clients

Transport: stdio, http

10 tools · ~1.3k tok

Grade B · 0.6% of 200K ctx

Edit this pageView history

Data Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "ODBC": {
      "env": {
        "PATH": "~/.nvm/versions/node/v21.1.0/bin:${PATH}",
        "ODBCINI": "/Library/ODBC/odbc.ini",
        "NODE_VERSION": "v21.1.0"
      },
      "args": [
        "/path/to/mcp-odbc-server/node_modules/.bin/tsx",
        "/path/to/mcp-odbc-server/src/main.ts"
      ],
      "command": "/path/to/.nvm/versions/node/v21.1.0/bin/node",
      "disabled": false,
      "autoApprove": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-odbc-server)](https://mcppedia.org/s/mcp-odbc-server)

Read me

What Mcp Odbc Server does

This document covers the set up and use of a generic ODBC server for the Model Context Protocol (MCP), referred to as an mcp-odbc server. It has been developed to provide Large Language Models with transparent access to ODBC-accessible data sources via a Data Source Name configured for a specific ODBC Connector (also called an ODBC Driver).

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@modelcontextprotocol/sdk' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

79/100across 5 weighted dimensions

How we score →

0255075100

−21

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

3 fixed

CVE-2026-25536low · fixedCVSS 3.1

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

### Summary Cross-client data leak via two distinct issues: (1) reusing a single `StreamableHTTPServerTransport` across multiple client requests, and (2) reusing a single `McpServer`/`Server` instance across multiple transports. Both are most common in stateless deployments. ### Impact This advisory covers two related but distinct vulnerabilities. A deployment may be affected by one or both. #### Issue 1: Transport re-use **What happens:** When a single `StreamableHTTPServerTransport` insta

Affected: >= 1.10.0Fixed in 1.26.0source →

CVE-2026-0621medium · fixedCVSS 4

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

### Impact A ReDoS vulnerability in the `UriTemplate` class allows attackers to cause denial of service. The `partToRegExp()` function generates a regex pattern with nested quantifiers (`([^/]+(?:,[^/]+)*)`) for exploded template variables (e.g., `{/id*}`, `{?tags*}`), causing catastrophic backtracking on malicious input. **Who is affected:** MCP servers that register resource templates with exploded array patterns and accept requests from untrusted clients. **Attack result:** An attacker sen

Affected: >= 0Fixed in 1.25.2source →

CVE-2025-66414medium · fixedCVSS 4

Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

The Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication with `StreamableHTTPServerTransport` or `SSEServerTransport` and has not enabled `enableDnsRebindingProtection`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or access re

Affected: >= 0Fixed in 1.24.0source →

Inventory

Tools (10)

Click any tool to inspect its schema.

~1.3k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Odbc Server safe to use?: Mcp Odbc Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Odbc Server?: Mcp Odbc Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Odbc Server do?: Mcp Odbc Server provides 10 tools: get_schemas, get_tables, describe_table, filter_table_names, query_database and 5 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Odbc Server?: Mcp Odbc Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Odbc Server actively maintained?: Mcp Odbc Server is less actively maintained — last commit was 310 days ago. It has 12 GitHub stars.

Similar servers

Others in data / developer-tools

View all →

PostgreSQL MCP Server98

Query and manage PostgreSQL databases directly from AI assistants

86.4k 1

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Mcp_agent_mail96

Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite

2.0k 6

MCP Security Weekly

Get CVE alerts and security updates for Mcp Odbc Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Data Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "ODBC": {
      "env": {
        "PATH": "~/.nvm/versions/node/v21.1.0/bin:${PATH}",
        "ODBCINI": "/Library/ODBC/odbc.ini",
        "NODE_VERSION": "v21.1.0"
      },
      "args": [
        "/path/to/mcp-odbc-server/node_modules/.bin/tsx",
        "/path/to/mcp-odbc-server/src/main.ts"
      ],
      "command": "/path/to/.nvm/versions/node/v21.1.0/bin/node",
      "disabled": false,
      "autoApprove": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-odbc-server)](https://mcppedia.org/s/mcp-odbc-server)

Read me

What Mcp Odbc Server does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@modelcontextprotocol/sdk' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

OpenLink MCP Server for ODBC

This document covers the set up and use of a generic ODBC server for the Model Context Protocol (MCP), referred to as an mcp-odbc server. It has been developed to provide Large Language Models with transparent access to ODBC-accessible data sources via a Data Source Name configured for a specific ODBC Connector (also called an ODBC Driver).

Server Implementation

This MCP Server for ODBC is a small TypeScript layer built on top of node-odbc. It routes calls to the host system's local ODBC Driver Manager via node.js (specifically using npx for TypeScript).

Operating Environment Set Up & Prerequisites

While the examples that follow are oriented toward the Virtuoso ODBC Connector, this guide will also work with other ODBC Connectors. We strongly encourage code contributions and submissions of usage demos related to other database management systems (DBMS) for incorporation into this project.

Key System Components

Check the node.js version. If it's not 21.1.0 or higher, upgrade or install explicitly using:
```
nvm install v21.1.0
```

Install MCP components using:

npm install @modelcontextprotocol/sdk zod tsx odbc dotenv

Set the nvm version using:
```
nvm alias default 21.1.0
```

Installation

Run

git clone https://github.com/OpenLinkSoftware/mcp-odbc-server.git

Change directory
```
cd mcp-odbc-server
```
Run
```
npm init -y
```

Run

npm install @modelcontextprotocol/sdk zod tsx odbc dotenv

unixODBC Runtime Environment Checks

Check installation configuration (i.e., location of key INI files) by running:
```
odbcinst -j
```
List available data source names (DSNs) by running:
```
odbcinst -q -s
```

Environment Variables

As good security practice, you should use the .env file situated in the same directory as the mcp-ser to set bindings for the ODBC Data Source Name (ODBC_DSN), the User (ODBC_USER), the Password (ODBC_PWD), the ODBC INI (ODBCINI), and, if you want to use the OpenLink AI Layer (OPAL) via ODBC, the target Large Language Model (LLM) API Key (API_KEY).

API_KEY=sk-xxx
ODBC_DSN=Local Virtuoso
ODBC_USER=dba
ODBC_PASSWORD=dba
ODBCINI=/Library/ODBC/odbc.ini

Usage

Tools

After successful installation, the following tools will be available to MCP client applications.

Overview

name	description
`get_schemas`	List database schemas accessible to connected database management system (DBMS).
`get_tables`	List tables associated with a selected database schema.
`describe_table`	Provide the description of a table associated with a designated database schema. This includes information about column names, data types, null handling, autoincrement, primary key, and foreign keys
`filter_table_names`	List tables associated with a selected database schema, based on a substring pattern from the `q` input field.
`query_database`	Execute a SQL query and return results in JSON Lines (JSONL) format.
`execute_query`	Execute a SQL query and return results in JSON Lines (JSONL) format.
`execute_query_md`	Execute a SQL query and return results in Markdown table format.
`spasql_query`	Execute a SPASQL query and return results.
`sparql_query`	Execute a SPARQL query and return results.
`virtuoso_support_ai`	Interact with the Virtuoso Support Assistant/Agent — a Virtuoso-specific feature for interacting with LLMs

Detailed Description

get_schemas
- Retrieve and return a list of all schema names from the connected database.
- Input parameters:
  - user (string, optional): Database username. Defaults to "demo".
  - password (string, optional): D

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

79/100across 5 weighted dimensions

How we score →

0255075100

−21

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

3 fixed

CVE-2026-25536low · fixedCVSS 3.1

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

Affected: >= 1.10.0Fixed in 1.26.0source →

CVE-2026-0621medium · fixedCVSS 4

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

Affected: >= 0Fixed in 1.25.2source →

CVE-2025-66414medium · fixedCVSS 4

Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

Affected: >= 0Fixed in 1.24.0source →

Inventory

Tools (10)

Click any tool to inspect its schema.

~1.3k tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Odbc Server safe to use?: Mcp Odbc Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Odbc Server?: Mcp Odbc Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Mcp Odbc Server do?: Mcp Odbc Server provides 10 tools: get_schemas, get_tables, describe_table, filter_table_names, query_database and 5 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mcp Odbc Server?: Mcp Odbc Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Odbc Server actively maintained?: Mcp Odbc Server is less actively maintained — last commit was 310 days ago. It has 12 GitHub stars.