diff --git a/app/models/theme.rb b/app/models/theme.rb
index 59f1e42..410dd34 100644
--- a/app/models/theme.rb
+++ b/app/models/theme.rb
@@ -43,8 +43,13 @@ class Theme
 
     def approved_themes(owner)
       Dir.glob(File.join(system_themes_dir, '*')).select do |item|
-        config = YAML.load_file(File.join(item, 'theme.yml'))
-        (config['owner_type'] == owner.class.base_class.name) && (config['owner_id'] == owner.id) || config['public']
+        if File.exists?( File.join(item, 'theme.yml') )
+          config = YAML.load_file(File.join(item, 'theme.yml'))
+          (config['owner_type'] == owner.class.base_class.name) &&
+          (config['owner_id'] == owner.id) || config['public']
+        else
+          false
+        end
       end.map do |desc|
         new(File.basename(desc))
       end
diff --git a/test/unit/theme_test.rb b/test/unit/theme_test.rb
index 7745735..f8f21d7 100644
--- a/test/unit/theme_test.rb
+++ b/test/unit/theme_test.rb
@@ -170,6 +170,14 @@ class ThemeTest < ActiveSupport::TestCase
     assert ! Theme.approved_themes(profile).include?(Theme.find(t3.id))
   end
 
+  should 'not list non theme files or dirs inside themes dir' do
+    Theme.stubs(:system_themes_dir).returns(TMP_THEMES_DIR)
+    Dir.mkdir(TMP_THEMES_DIR)
+    Dir.mkdir(TMP_THEMES_DIR+'/empty-dir')
+    File.new(TMP_THEMES_DIR+'/my-logo.png', File::CREAT)
+    assert Theme.approved_themes(Environment.default).empty?
+  end
+
   should 'set theme to public' do
     t = Theme.new('mytheme')
     t.public = true
--
libgit2 0.21.2