diff --git a/cloudbio/biodata/genomes.py b/cloudbio/biodata/genomes.py
index a665e95c5..daf335237 100644
--- a/cloudbio/biodata/genomes.py
+++ b/cloudbio/biodata/genomes.py
@@ -411,7 +411,7 @@ def _get_genomes(config_source):
         if yaml is None:
             raise ImportError("install yaml to read configuration from %s" % config_source)
         with open(config_source) as in_handle:
-            config = yaml.load(in_handle)
+            config = yaml.safe_load(in_handle)
     genomes = []
     genomes_config = config["genomes"] or []
     print("List of genomes to get (from the config file at '{0}'): {1}"
diff --git a/cloudbio/deploy/config.py b/cloudbio/deploy/config.py
index 3c41fc31c..64766fa9c 100644
--- a/cloudbio/deploy/config.py
+++ b/cloudbio/deploy/config.py
@@ -15,4 +15,4 @@ def _path_from_root(name):
 
 def _read_yaml(yaml_file):
     with open(yaml_file) as in_handle:
-        return yaml.load(in_handle)
+        return yaml.safe_load(in_handle)
diff --git a/cloudbio/deploy/main.py b/cloudbio/deploy/main.py
index 87b58d2cc..821fe04b7 100644
--- a/cloudbio/deploy/main.py
+++ b/cloudbio/deploy/main.py
@@ -96,7 +96,7 @@ def parse_settings(name):
 
 def _read_yaml(yaml_file):
     with open(yaml_file) as in_handle:
-        return yaml.load(in_handle)
+        return yaml.safe_load(in_handle)
 
 
 if __name__ == "__main__":
diff --git a/cloudbio/deploy/plugins/cloudman.py b/cloudbio/deploy/plugins/cloudman.py
index 76e9d449b..70acf2acd 100644
--- a/cloudbio/deploy/plugins/cloudman.py
+++ b/cloudbio/deploy/plugins/cloudman.py
@@ -61,7 +61,7 @@ def cloudman_launch(vm_launcher, options):
             raise Exception("CloudMan AMI set to __use_snaps__ but now snaps.yaml file could be found with path %s" % snaps_path)
         snaps = {}
         with open(snaps_path, "r") as in_handle:
-            snaps = yaml.load(in_handle)
+            snaps = yaml.safe_load(in_handle)
         clouds = snaps["clouds"]
         if len(clouds) != 1:
             raise Exception("Exactly one cloud must be defined snaps.yaml for the deployer's CloudMan launch to work.")
diff --git a/cloudbio/galaxy/tools.py b/cloudbio/galaxy/tools.py
index 7560b221e..75bf26fc1 100644
--- a/cloudbio/galaxy/tools.py
+++ b/cloudbio/galaxy/tools.py
@@ -50,7 +50,7 @@ def _tools_conf_path(env):
 
 def _load_tools_conf(env):
     with open(_tools_conf_path(env)) as in_handle:
-        full_data = yaml.load(in_handle)
+        full_data = yaml.safe_load(in_handle)
     return full_data
 
 
diff --git a/cloudbio/package/brew.py b/cloudbio/package/brew.py
index d63473290..51c8e11ea 100644
--- a/cloudbio/package/brew.py
+++ b/cloudbio/package/brew.py
@@ -57,7 +57,7 @@ def install_packages(env, to_install=None, packages=None):
     for pkg_str in ["pkg-config", "openssl", "cmake", "unzip"]:
         _safe_unlink_pkg(env, pkg_str, brew_cmd)
     with open(config_file.base) as in_handle:
-        to_remove = yaml.load(in_handle).get("to_remove", [])
+        to_remove = yaml.safe_load(in_handle).get("to_remove", [])
     for pkg_str in ["curl"] + to_remove:
         _safe_uninstall_pkg(env, pkg_str, brew_cmd)
 
@@ -68,7 +68,7 @@ def _remove_old(env, config_file):
     if env.safe_exists(brew_cmd):
         baseline = ["pkg-config", "openssl", "cmake", "unzip", "curl"]
         with open(config_file) as in_handle:
-            to_remove = yaml.load(in_handle).get("to_remove", [])
+            to_remove = yaml.safe_load(in_handle).get("to_remove", [])
         for pkg_str in baseline + to_remove:
             _safe_uninstall_pkg(env, pkg_str, brew_cmd)
 
diff --git a/cloudbio/package/shared.py b/cloudbio/package/shared.py
index 9960971f2..f42aab059 100644
--- a/cloudbio/package/shared.py
+++ b/cloudbio/package/shared.py
@@ -8,12 +8,12 @@ def _yaml_to_packages(yaml_file, to_install=None, subs_yaml_file=None, namesort=
     """
     print("Reading packages from %s" % yaml_file)
     with open(yaml_file) as in_handle:
-        full_data = yaml.load(in_handle)
+        full_data = yaml.safe_load(in_handle)
         if full_data is None:
             full_data = {}
     if subs_yaml_file is not None:
         with open(subs_yaml_file) as in_handle:
-            subs = yaml.load(in_handle)
+            subs = yaml.safe_load(in_handle)
     else:
         subs = {}
     # filter the data based on what we have configured to install
diff --git a/fabfile.py b/fabfile.py
index c60b073ca..09e30a259 100755
--- a/fabfile.py
+++ b/fabfile.py
@@ -356,7 +356,7 @@ def _read_main_config():
     """
     yaml_file = get_config_file(env, "main.yaml").base
     with open(yaml_file) as in_handle:
-        full_data = yaml.load(in_handle)
+        full_data = yaml.safe_load(in_handle)
     packages = full_data.get('packages', [])
     packages = env.flavor.rewrite_config_items("main_packages", packages)
     libraries = full_data.get('libraries', [])
@@ -455,5 +455,5 @@ def _do_library_installs(to_install):
     for iname in to_install:
         yaml_file = get_config_file(env, "%s.yaml" % iname).base
         with open(yaml_file) as in_handle:
-            config = yaml.load(in_handle)
+            config = yaml.safe_load(in_handle)
         lib_installers[iname](config)
diff --git a/installed_files/ec2autorun.py b/installed_files/ec2autorun.py
index e137afd11..aff83425b 100644
--- a/installed_files/ec2autorun.py
+++ b/installed_files/ec2autorun.py
@@ -402,14 +402,14 @@ def _load_user_data(user_data):
     the `_merge` function above and priority is always given to
     user supplied options.
     """
-    ud = yaml.load(user_data)
+    ud = yaml.safe_load(user_data)
     if ud == user_data:
         # Bad user data, cannot merge default
         return ud
     default_user_data_path = \
         os.path.join(os.path.dirname(os.path.abspath(__file__)), 'IMAGE_USER_DATA')
     if os.path.exists(default_user_data_path):
-        image_ud = yaml.load(open(default_user_data_path, 'r').read())
+        image_ud = yaml.safe_load(open(default_user_data_path, 'r').read())
         if image_ud:
             ud = _merge(ud, image_ud)
     return ud
diff --git a/utils/cbl_exome_setup.py b/utils/cbl_exome_setup.py
index 89a927cfc..05fab5409 100644
--- a/utils/cbl_exome_setup.py
+++ b/utils/cbl_exome_setup.py
@@ -93,7 +93,7 @@ def read_pp_config(fname):
     """Read AMQP vhost from YAML configuration file.
     """
     with open(fname) as in_handle:
-        config = yaml.load(in_handle)
+        config = yaml.safe_load(in_handle)
     return config["distributed"]["rabbitmq_vhost"]
 
 def read_ampq_config(fname):
diff --git a/utils/query_conda_deps.py b/utils/query_conda_deps.py
index 561827790..ab9801ad5 100644
--- a/utils/query_conda_deps.py
+++ b/utils/query_conda_deps.py
@@ -10,7 +10,7 @@
 
 def main(config_file):
     with open(config_file) as in_handle:
-        config = yaml.load(in_handle)
+        config = yaml.safe_load(in_handle)
     channels = config["channels"]
     channels.reverse()
     for p in sorted(config["bio_nextgen"]):