diff --git a/src/wstool/config_yaml.py b/src/wstool/config_yaml.py
index 19f82e5..4638b11 100644
--- a/src/wstool/config_yaml.py
+++ b/src/wstool/config_yaml.py
@@ -71,7 +71,7 @@ def get_yaml_from_uri(uri):
         if not stream:
             raise MultiProjectException("couldn't load config uri %s" % uri)
         try:
-            yamldata = yaml.load(stream)
+            yamldata = yaml.safe_load(stream)
         except yaml.YAMLError as yame:
             raise MultiProjectException(
                 "Invalid multiproject yaml format in [%s]: %s" % (uri, yame))
diff --git a/src/wstool/multiproject_cli.py b/src/wstool/multiproject_cli.py
index 3c652d0..9d552f7 100644
--- a/src/wstool/multiproject_cli.py
+++ b/src/wstool/multiproject_cli.py
@@ -546,7 +546,7 @@ def cmd_merge(self, target_path, argv, config=None):
         if config_uris[0] == '-':
             pipedata = "".join(sys.stdin.readlines())
             try:
-                yamldicts = yaml.load(pipedata)
+                yamldicts = yaml.safe_load(pipedata)
             except yaml.YAMLError as e:
                 raise MultiProjectException(
                     "Invalid yaml format: \n%s \n%s" % (pipedata, e))
diff --git a/test/local/test_tarfile.py b/test/local/test_tarfile.py
index f915ddf..af9fc0a 100644
--- a/test/local/test_tarfile.py
+++ b/test/local/test_tarfile.py
@@ -34,7 +34,7 @@ def test_install(self):
         self.assertTrue(os.path.isdir(os.path.join(self.directory, "temptar")))
         self.assertTrue(os.path.isfile(os.path.join(self.directory, ".rosinstall")))
         stream = open(os.path.join(self.directory, '.rosinstall'), 'r')
-        yamlsrc = yaml.load(stream)
+        yamlsrc = yaml.safe_load(stream)
         stream.close()
         self.assertEqual(1, len(yamlsrc))
         self.assertEqual('tar', list(yamlsrc[0].keys())[0])