diff --git a/src/caosdb/yamlapi.py b/src/caosdb/yamlapi.py
index 69eef001a7bfddd0f1462a65b0c343fd4ab9e7de..69928af1568bf2150288844d74d606e39d598d0b 100644
--- a/src/caosdb/yamlapi.py
+++ b/src/caosdb/yamlapi.py
@@ -98,7 +98,7 @@ def yaml_to_xml(yamlstr):
         The string to load the yaml document from.
 
     """
-    return dict_to_xml(yaml.load(yamlstr))
+    return dict_to_xml(yaml.safe_load(yamlstr))
 
 
 def process(text):