Loading the catalogue…
Loading the catalogue…
“Genuinely Sovereign Inference architecture with broad deployment flexibility, but 20 security advisories in under two years — including a CVSS 9.8 RCE — and a privacy policy that has been offline for seven weeks demand serious compensating controls.”
Editorial assessment, not legal advice. Stav's risk ratings, scores, and verdicts are our own analysis of publicly available information and may be incomplete or out of date. Verify independently before making compliance or procurement decisions.
Public security, privacy and governance advisories that are still open. Each row carries a source link — these are factual claims, not editorial judgements.
lowUpstream change on anythingllm: github_release 'v1.14.2' → 'v1.15.0', github_last_push '2026-06-23T00:03:53Z' → '2026-06-30T04:24:07Z'
other · open
Source ↗lowUpstream change on anythingllm: github_release 'v1.14.0' → 'v1.14.2', github_last_push '2026-06-16T05:00:01Z' → '2026-06-23T00:03:53Z'
other · open
Source ↗lowUpstream change on anythingllm: github_release 'v1.13.0' → 'v1.14.0', github_last_push '2026-06-09T04:01:04Z' → '2026-06-16T05:00:01Z', cve_count 19 → 20
other · open
Source ↗lowUpstream change on anythingllm: github_last_push '2026-06-02T04:28:00Z' → '2026-06-09T04:01:04Z'
other · open
Source ↗lowUpstream change on anythingllm: github_release 'v1.12.1' → 'v1.13.0', github_last_push '2026-05-19T01:51:34Z' → '2026-06-02T04:28:00Z', cve_count 16 → 19
other · open
lowUpstream change on anythingllm: github_last_push '2026-05-12T05:49:51Z' → '2026-05-19T01:51:34Z'
other · open
Source ↗lowUpstream change on anythingllm: github_last_push '2026-05-04T18:18:49Z' → '2026-05-12T05:49:51Z', cve_count 15 → 16
other · open
Source ↗lowUpstream change on anythingllm: github_release None → 'v1.12.1', github_last_push None → '2026-05-04T18:18:49Z', cve_count None → 15
other · open
Source ↗How AnythingLLM moves data between the client, the inference endpoint and any vendor-owned services.
OpenAI-compatible. Point AnythingLLM at Stav, set the header, you're done.
# AnythingLLM on Stav AI # OpenAI-compatible — drop the base URL in, swap your key, ship. OPENAI_API_KEY=$STAV_API_KEY OPENAI_BASE_URL=https://api.stav.ai/v1 # Header — Stav attributes usage to your registered app and respects # per-app routing policy. Send when the app supports custom headers. X-Stav-App-Id: anythingllm
Setup notes · Read about sovereign routing →
What a model must support to work well with AnythingLLM. Match these against the Stav model catalogue to pick an endpoint.
Live usage rolls up every five minutes. We surface the 12-week trend once enough requests have flowed through this app.
Live usage rolls up every five minutes. We surface the model mix once enough requests have flowed through this app.