diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index cffdd9ceebf..6c56ba3dd37 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -638,16 +638,6 @@ Rails/WhereEquals:
 Rails/WhereExists:
 Enabled: false
-# Offense count: 8
-# Cop supports --auto-correct.
-Security/YAMLLoad:
- Exclude:
- - 'lib/gitlab/redis/wrapper.rb'
- - 'lib/system_check/incoming_email/imap_authentication_check.rb'
- - 'spec/config/mail_room_spec.rb'
- - 'spec/initializers/secret_token_spec.rb'
- - 'spec/lib/gitlab/prometheus/additional_metrics_parser_spec.rb'
-
 # Offense count: 240
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
diff --git a/changelogs/unreleased/pl-rubocop-todo-yaml-load.yml b/changelogs/unreleased/pl-rubocop-todo-yaml-load.yml
new file mode 100644
index 00000000000..83cd398cf60
--- /dev/null
+++ b/changelogs/unreleased/pl-rubocop-todo-yaml-load.yml
@@ -0,0 +1,5 @@
+---
+title: Resolves offenses Security/YAMLLoad
+merge_request: 58042
+author: Shubham Kumar (@imskr)
+type: fixed
diff --git a/lib/gitlab/redis/wrapper.rb b/lib/gitlab/redis/wrapper.rb
index 6f80c7d439f..0fa7d7ba643 100644
--- a/lib/gitlab/redis/wrapper.rb
+++ b/lib/gitlab/redis/wrapper.rb
@@ -142,7 +142,7 @@ module Gitlab
 def fetch_config
 return false unless self.class._raw_config
- yaml = YAML.load(self.class._raw_config)
+ yaml = YAML.safe_load(self.class._raw_config)
 # If the file has content but it's invalid YAML, `load` returns false
 if yaml
diff --git a/lib/system_check/incoming_email/imap_authentication_check.rb b/lib/system_check/incoming_email/imap_authentication_check.rb
index 056021d460c..0f87daef439 100644
--- a/lib/system_check/incoming_email/imap_authentication_check.rb
+++ b/lib/system_check/incoming_email/imap_authentication_check.rb
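Review bot: `yaml = YAML.safe_load(self.class._raw_config)` rejects YAML anchors and aliases by default, so a resque.yml written in the usual Rails layout (`default: &default` merged into each environment with `<<: *default`) would now abort `fetch_config` with a `Psych::BadAlias` instead of loading; this file is operator-owned configuration rather than attacker-controlled input, so aliases are not the threat being closed here and `yaml = YAML.safe_load(self.class._raw_config, aliases: true)` (Psych >= 3.1) keeps that layout working. The context comment kept on the next line, "`load` returns false", no longer matches either: `safe_load` falls back to `nil` for an empty document in current Psych, so the `if yaml` guard still behaves but the comment should read `# An empty document parses to a falsy value (nil under safe_load); treat it as "no config"`. Whether the shipped resque.yml.example relies on aliases is not visible in this hunk, so confirm against it before choosing. `fetch_config` continues past the end of the hunk.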
@@ -52,7 +52,7 @@ module SystemCheck
 def load_config
 erb = ERB.new(File.read(mail_room_config_path))
 erb.filename = mail_room_config_path
- config_file = YAML.load(erb.result)
+ config_file = YAML.safe_load(erb.result)
 config_file[:mailboxes]
 end
diff --git a/spec/config/mail_room_spec.rb b/spec/config/mail_room_spec.rb
index 6265b54931a..ce514bd8905 100644
--- a/spec/config/mail_room_spec.rb
+++ b/spec/config/mail_room_spec.rb
@@ -21,7 +21,7 @@ RSpec.describe 'mail_room.yml' do
 status = result.status
 raise "Error interpreting #{mailroom_config_path}: #{output}" unless status == 0
- YAML.load(output)
+ YAML.safe_load(output, permitted_classes: [Symbol])
 end
 before do
diff --git a/spec/initializers/secret_token_spec.rb b/spec/initializers/secret_token_spec.rb
index ab16dbad3fc..2c396a18361 100644
--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -84,7 +84,7 @@ RSpec.describe 'create_tokens' do
 it 'writes the secrets to secrets.yml' do
 expect(File).to receive(:write).with('config/secrets.yml', any_args) do |filename, contents, options|
- new_secrets = YAML.load(contents)[Rails.env]
+ new_secrets = YAML.safe_load(contents)[Rails.env]
 expect(new_secrets['secret_key_base']).to eq(secrets.secret_key_base)
 expect(new_secrets['otp_key_base']).to eq(secrets.otp_key_base)
@@ -179,7 +179,7 @@ RSpec.describe 'create_tokens' do
 it 'uses the file secret' do
 expect(File).to receive(:write) do |filename, contents, options|
- new_secrets = YAML.load(contents)[Rails.env]
+ new_secrets = YAML.safe_load(contents)[Rails.env]
 expect(new_secrets['secret_key_base']).to eq('file_key')
 expect(new_secrets['otp_key_base']).to eq('file_key')
diff --git a/spec/lib/gitlab/prometheus/additional_metrics_parser_spec.rb b/spec/lib/gitlab/prometheus/additional_metrics_parser_spec.rb
index 3c7496cabd0..559557f9313 100644
--- a/spec/lib/gitlab/prometheus/additional_metrics_parser_spec.rb
+++ b/spec/lib/gitlab/prometheus/additional_metrics_parser_spec.rb
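Review bot: `config_file = YAML.safe_load(erb.result)` raises `Psych::DisallowedClass` ("Tried to load unspecified class: Symbol") the moment the rendered mail_room.yml contains a symbol, and both the next line `config_file[:mailboxes]` and the `permitted_classes: [Symbol]` this same MR adds for the same file in spec/config/mail_room_spec.rb indicate that its keys are YAML symbols (`:mailboxes:`), so the incoming-email system check would now fail with that exception instead of returning the mailboxes. Mirror the spec: `config_file = YAML.safe_load(erb.result, permitted_classes: [Symbol])`. Note that the input here is the operator's own config rendered by the `ERB.new(...).result` call two lines up, which executes template code and is the wider trust boundary, so this change is defense-in-depth rather than a fix for attacker-controlled YAML. `load_config` sits entirely inside the hunk; the enclosing class continues outside it.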
@@ -35,7 +35,7 @@ RSpec.describe Gitlab::Prometheus::AdditionalMetricsParser do
 end
 before do
- allow(described_class).to receive(:load_yaml_file) { YAML.load(sample_yaml) }
+ allow(described_class).to receive(:load_yaml_file) { YAML.safe_load(sample_yaml) }
 end
 it 'parses to two metric groups with 2 and 1 metric respectively' do
@@ -71,7 +71,7 @@ RSpec.describe Gitlab::Prometheus::AdditionalMetricsParser do
 shared_examples 'required field' do |field_name|
 context "when #{field_name} is nil" do
 before do
- allow(described_class).to receive(:load_yaml_file) { YAML.load(field_missing) }
+ allow(described_class).to receive(:load_yaml_file) { YAML.safe_load(field_missing) }
 end
 it 'throws parsing error' do
@@ -81,7 +81,7 @@ RSpec.describe Gitlab::Prometheus::AdditionalMetricsParser do
 context "when #{field_name} are not specified" do
 before do
- allow(described_class).to receive(:load_yaml_file) { YAML.load(field_nil) }
+ allow(described_class).to receive(:load_yaml_file) { YAML.safe_load(field_nil) }
 end
 it 'throws parsing error' do
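Review bot: `allow(described_class).to receive(:load_yaml_file) { YAML.safe_load(sample_yaml) }` stubs the loader away, so this hunk only changes how the spec fixture is parsed; the production `load_yaml_file` it replaces is not in this diff and is never exercised by these examples, so they do not show that the real loader tolerates `safe_load`'s restrictions (no Symbol, no aliases by default). If that method still reads config/prometheus/additional_metrics.yml through `YAML.load_file`, which the Security/YAMLLoad cop does not flag, it keeps full object deserialization while the spec validates the safe path; consider `YAML.safe_load(File.read(path))` there with whatever `permitted_classes` the shipped file needs, and once they agree annotate the stub with `# Parsed with safe_load to match the restrictions of the production loader`. The `RSpec.describe` block these hunks belong to starts and ends outside the diff.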