diff --git a/gems/alchemy_cms/CVE-2018-18307.yml b/gems/alchemy_cms/CVE-2018-18307.yml
new file mode 100644
index 0000000000..a4c8f5454e
--- /dev/null
+++ b/gems/alchemy_cms/CVE-2018-18307.yml
@@ -0,0 +1,22 @@
+---
+gem: alchemy_cms
+cve: 2018-18307
+ghsa: 7mj4-2984-955f
+url: http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html
+title: AlchemyCMS is vulnerable to stored XSS via
+ the /admin/pictures image field
+date: 2018-10-16
+description: |
+ A stored XSS vulnerability has been discovered in version 4.1.0
+ of AlchemyCMS via the /admin/pictures image filename field.
+cvss_v2: 4.3
+cvss_v3: 6.1
+unaffected_versions:
+ - "< 4.1.0"
+notes: "Checked/No evidence of patch"
+related:
+ url:
+ - https://nvd.nist.gov/vuln/detail/CVE-2018-18307
+ - http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html
+ - https://github.com/AlchemyCMS/alchemy_cms
+ - https://github.com/advisories/GHSA-7mj4-2984-955f
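Review bot: The `unaffected_versions: "< 4.1.0"` entry appears to rest only on the description's wording that the issue was "discovered in version 4.1.0", which says where the flaw was found, not where it was introduced. If earlier releases handle the /admin/pictures filename field the same way, audit tools that consume this advisory would presumably report those installs as clean. Unless the lower bound was checked against the code history, I would drop the `unaffected_versions` entry, or record the basis in the existing field, for example `notes: "Checked/No evidence of patch; versions before 4.1.0 not verified"`. The absence of `patched_versions` is consistent with the note and correctly keeps 4.1.0 and later flagged.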