Skip to content

jparkerweb/mcp-sqlite

v1.0.9 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Data & Storage
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

aitooling cursor database development equill-service mcp
+3 more
nodejs sqlite windsurf

Summary

AI summary

Fixes SQL injection vulnerability (CWE-89) in CRUD operations.

Full changelog

What's New 🎉

[1.0.9] - 2026-04-04

🛡️ Security

  • Fixed SQL injection vulnerability (CWE-89) in all CRUD operations and get_table_schema
  • Table names are now validated against sqlite_master before query construction
  • Column names are now validated against the target table's schema
  • All SQL identifiers are properly quoted with double-quote escaping

Security Fixes

  • SQL injection vulnerability (CWE-89) in CRUD operations and get_table_schema fixed with table and column name validation
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track jparkerweb/mcp-sqlite

Get notified when new releases ship.

Sign up free

About jparkerweb/mcp-sqlite

Model Context Protocol (MCP) server that provides comprehensive SQLite database interaction capabilities

All releases →

Related context

Beta — feedback welcome: [email protected]