diff --git a/Dockerfile b/Dockerfile
index 274c0a2..81ffee4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,8 +32,10 @@ RUN npm run build
 # Stage 3: Production Runtime
 FROM node:20-alpine
 
-# Install su-exec and shadow (for usermod/groupmod)
-RUN apk add --no-cache su-exec shadow
+# Upgrade existing packages to fix base image vulnerabilities, 
+# then install su-exec and shadow (for usermod/groupmod)
+RUN apk upgrade --no-cache && \
+    apk add --no-cache su-exec shadow
 
 WORKDIR /app