diff --git a/Dockerfile b/Dockerfile
index 4f9b3b5ac..74e592a1f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,7 +8,10 @@ ARG IMAGE_VERSION
 RUN make build
 
 FROM us.gcr.io/k8s-artifacts-prod/build-image/debian-iptables-amd64:v12.1.2 AS nmi
-RUN clean-install ca-certificates libssl1.1
+# upgrading apt &libapt-pkg5.0 due to CVE-2020-27350
+# upgrading libssl1.1 due to CVE-2020-1971
+RUN apt-mark unhold apt && \
+    clean-install ca-certificates apt libapt-pkg5.0 libssl1.1
 COPY --from=builder /go/src/github.com/Azure/aad-pod-identity/bin/aad-pod-identity/nmi /bin/
 RUN useradd -u 10001 nonroot
 USER nonroot