AnythingLLM (v1.12.0) is a self-hosted, full-stack AI application developed by Mintplex Labs that combines document chat, AI agents, and configurable model backends in a single interface. With over 58k GitHub stars, it’s one of the most popular open-source RAG platforms. It supports multiple LLMs and vector stores, making it ideal for internal knowledge bases and private RAG deployments. The Docker version supports multi-user access with role-based permissions, while the desktop app provides single-user functionality.
License: MIT (open-source)
GitHub: Mintplex-Labs/anything-llm (58k stars, 6.3k forks)
- Built-in RAG - Turn documents into context for any LLM
- AI Agents - Autonomous AI capabilities with no-code agent builder
- MCP Compatible - Full Model Context Protocol support (Tools only, no Resources/Prompts/Sampling)
- Multi-user Mode - Role-based access control (Docker version)
- Multi-modal Support - Images, PDFs, and documents
- Embeddable Chat Widgets - Deploy chat on your website
- Document Ingestion - PDF, TXT, DOCX, MD, and more
- Agent Tools - Web browsing, code execution, API calls
- Chat Modes - Chat mode (general knowledge plus document context) and query mode (answers drawn only from embedded documents)
- API Access - Full developer API for integrations
- Desktop App - Native applications for macOS, Windows, and Linux (Electron-based)
- Mobile App - Available on Google Play (v1.10.0+)
- PWA Support - Progressive Web App (v1.9.1+)
- Desktop Overlay - Floating assistant overlay (v1.11.0)
- Community Hub - Share plugins, prompts, and skills
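The developer API mentioned above exposes workspace chat over HTTP. A minimal sketch in JavaScript, assuming a local instance on port 3001, a workspace slug of `docs`, and an API key generated in the instance settings; the `POST /api/v1/workspace/{slug}/chat` route matches AnythingLLM's published API, but verify the exact shape against your instance's Swagger docs at `/api/docs`:

```javascript
// Build a fetch-ready request against the AnythingLLM developer API.
// The base URL, workspace slug, and API key below are illustrative.
function buildChatRequest(baseUrl, workspaceSlug, apiKey, message) {
  return {
    url: `${baseUrl}/api/v1/workspace/${workspaceSlug}/chat`,
    options: {
      method: "POST",
      headers: {
        Authorization: `Bearer ${apiKey}`,
        "Content-Type": "application/json",
      },
      // "query" restricts answers to embedded documents;
      // "chat" also allows the model's general knowledge.
      body: JSON.stringify({ message, mode: "query" }),
    },
  };
}

// Usage against a running instance:
// const { url, options } = buildChatRequest(
//   "http://localhost:3001", "docs",
//   process.env.ANYTHINGLLM_API_KEY,
//   "Summarize the onboarding guide"
// );
// const res = await fetch(url, options);
// console.log((await res.json()).textResponse);
```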
Note: AnythingLLM supports 36+ LLM providers. Below are the most popular options.
- OpenAI - GPT-4, GPT-4o, GPT-3.5-turbo
- Anthropic - Claude 3.5, Claude 3
- Google Gemini - Gemini Pro, Gemini Ultra
- Azure OpenAI - Enterprise Azure deployment
- AWS Bedrock - Amazon’s managed LLM service
- Groq - Fast inference with LPU
- Mistral AI - Mistral, Mixtral models
- Cohere - Command, Command-R models
- Perplexity AI - Search-enhanced models
- Together AI - Open-source model hosting
- OpenRouter - Unified API for multiple providers
- DeepSeek - DeepSeek-V2, DeepSeek-Coder
- xAI - Grok models
- NVIDIA NIM - NVIDIA inference platform
- Fireworks AI - Fast inference service
- Z.AI - Zhipu AI models
- Hugging Face - Open-source model hosting
- Apipie - AI API aggregator
- PPIO - Decentralized AI cloud
- Gitee AI - Chinese AI model platform
- Moonshot AI - Advanced AI models
- CometAPI - Unified AI API
- Docker Model Runner - Local Docker AI models
- PrivateModeAI - Privacy-focused AI
- SambaNova Cloud - Fast inference platform
- Lemonade by AMD - AMD's local LLM server for Ryzen AI hardware
- Ollama - Local model serving
- LM Studio - Desktop model server
- LocalAI - Self-hosted OpenAI-compatible API
- KoboldCPP - Local inference engine
- Text Generation Web UI - Oobabooga web interface
- LiteLLM - Unified LLM API proxy
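Provider selection for the Docker version is driven by server environment variables. A hedged `.env` sketch wiring the Ollama backend from the local-provider list above; the variable names (`LLM_PROVIDER`, `OLLAMA_BASE_PATH`, `OLLAMA_MODEL_PREF`) follow recent releases, but check `docker/.env.example` in the repo for your version:

```shell
# .env sketch: point AnythingLLM at a local Ollama server.
# Variable names assumed from docker/.env.example; verify for your release.
LLM_PROVIDER=ollama
OLLAMA_BASE_PATH=http://host.docker.internal:11434
OLLAMA_MODEL_PREF=llama3.1:8b
OLLAMA_MODEL_TOKEN_LIMIT=4096
```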
- LanceDB - Default, serverless vector DB
- Chroma - Popular open-source vector DB
- Milvus - Scalable vector database
- PGVector - PostgreSQL vector extension
- Astra DB - DataStax vector database
- Pinecone - Managed vector database
- Qdrant - Vector similarity search engine
- Weaviate - GraphQL-enabled vector DB
- Zilliz - Managed Milvus service
- Internal Knowledge Base - Chat with company documents
- Private RAG Applications - Keep data within your security boundary
- Team AI Assistant - Multi-user access with permissions
- Customer Support Chatbots - Embeddable widgets
- Research Assistant - Document analysis and summarization
- Code Documentation - Chat with codebases
- Backend: Node.js
- Frontend: React
- Language: JavaScript (98.4%), CSS (1.3%), Dockerfile (0.2%), HTML (0.1%), Other (0.1%)
- Database: SQLite (default), PostgreSQL (optional)
- Vector DB: LanceDB (default), Chroma, Milvus, Pinecone, Qdrant, Weaviate
- Deployment: Docker, Desktop App (macOS/Windows/Linux)
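The Docker deployment can be sketched as a single `docker run` against the official `mintplexlabs/anythingllm` image (UI and API on port 3001). The volume mount persists the SQLite database, LanceDB data, and uploaded documents across restarts; paths and flags here are illustrative, so compare with the project's Docker instructions before relying on them:

```shell
# Run the official image; persist state under ./anythingllm-data.
# SYS_ADMIN is required by the built-in webpage scraper (see security notes).
export STORAGE_LOCATION="$PWD/anythingllm-data"
mkdir -p "$STORAGE_LOCATION" && touch "$STORAGE_LOCATION/.env"

docker run -d --name anythingllm \
  -p 3001:3001 \
  --cap-add SYS_ADMIN \
  -v "$STORAGE_LOCATION:/app/server/storage" \
  -v "$STORAGE_LOCATION/.env:/app/server/.env" \
  -e STORAGE_DIR="/app/server/storage" \
  mintplexlabs/anythingllm
```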
| Component | Minimum | Recommended |
|-----------|---------|-------------|
| CPU | 2 cores | 4+ cores |
| RAM | 2GB | 8GB+ (for local LLMs) |
| Disk | 5GB | 50GB+ (for local models) |
| Network | Required for cloud LLMs | Optional for local LLMs |
Note: Official minimum requirements are 2GB RAM, 2-core CPU, 5GB storage. Higher specs recommended for local LLM deployments.
- ✅ Open-source and self-hosted
- ✅ MIT License
- ✅ Active development (v1.12.0 - April 2, 2026)
- ✅ 58k+ GitHub stars, 6.3k+ forks
- ✅ Multi-user mode available (Docker version)
- ⚠️ Requires SYS_ADMIN capability for webpage scraping
- ⚠️ 13 security advisories disclosed (Jan 2024 - Mar 2026) - keep updated to v1.12.0+
- Critical: CVE-2026-32626 / GHSA-rrmw-2j6x-4mf2 (XSS to RCE via LLM injection, Mar 2026). Root cause: nodeIntegration: true + contextIsolation: false in Electron
- High: CVE-2026-24477, CVE-2026-24478, CVE-2026-32628 (GHSA-jwjx-mw2p-5wc7, SQL injection), CVE-2026-32617 (GHSA-24qj-pw4h-3jmm, permissive CORS), CVE-2026-32717 (GHSA-7754-8jcc-2rg3, access control bypass)
- Moderate: GHSA-2qmm-82f7-8qj5 (cross-user chat feedback IDOR), GHSA-p5rf-8p88-979c (cross-workspace IDOR), GHSA-rh66-4w74-cf4m (CVE-2026-32719)
- Low: GHSA-wfq3-65gm-3g2p (CVE-2026-32715, info disclosure), GHSA-47vr-w3vm-69ch (CVE-2026-21484, username enumeration)