A nasty SQL injection bug in Anthropic’s now-retired Postgres MCP server let attackers blow past read-only mode and run whatever SQL they wanted. The repo got archived back in May 2025, but it’s far from dead. The unpatched package still racks up 21,000 npm installs and 1,000 Docker pulls every week.