diff --git a/beetsplug/edit.py b/beetsplug/edit.py
index 631a1b584..9dbfcdd17 100644
--- a/beetsplug/edit.py
+++ b/beetsplug/edit.py
@@ -74,7 +74,7 @@ def load(s):
     """
     try:
         out = []
-        for d in yaml.load_all(s):
+        for d in yaml.safe_load_all(s):
             if not isinstance(d, dict):
                 raise ParseError(
                     u'each entry must be a dictionary; found {}'.format(
diff --git a/test/test_config_command.py b/test/test_config_command.py
index 35ba6ca0e..0d16dbf19 100644
--- a/test/test_config_command.py
+++ b/test/test_config_command.py
@@ -45,7 +45,7 @@ class ConfigCommandTest(unittest.TestCase, TestHelper):
 
     def _run_with_yaml_output(self, *args):
         output = self.run_with_output(*args)
-        return yaml.load(output)
+        return yaml.safe_load(output)
 
     def test_show_user_config(self):
         output = self._run_with_yaml_output('config', '-c')