diff --git a/manage.py b/manage.py
index 46a562abb..a9cc30054 100755
--- a/manage.py
+++ b/manage.py
@@ -2,6 +2,9 @@
 """Django manage.py"""
 import os
 import sys
+from defusedxml import defuse_stdlib
+
+defuse_stdlib()
 
 if __name__ == '__main__':
     os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'passbook.root.settings')
diff --git a/passbook/root/wsgi.py b/passbook/root/wsgi.py
index b90cca62a..ff4ff87e9 100644
--- a/passbook/root/wsgi.py
+++ b/passbook/root/wsgi.py
@@ -9,12 +9,14 @@ https://docs.djangoproject.com/en/2.1/howto/deployment/wsgi/
 import os
 from time import time
 
+from defusedxml import defuse_stdlib
 from django.core.wsgi import get_wsgi_application
 from structlog import get_logger
 
 from passbook.lib.utils.http import _get_client_ip_from_meta
 
 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "passbook.root.settings")
+defuse_stdlib()
 
 
 class WSGILogger: