There is always a misconception that, when you build an image from the dockerfile in a frequent interval, which has base image defined something like below , the base image updates ( for example a CVE or vulnerability fix) are by default pulled into your newly built image. This is wrong!
Docker uses the caches when building and when there is no change in the instructions of Dockerfile, docker skips doing an update of the image to the latest version.
To avoid this, avoid the cache in build process, ie
#docker build -no-cache .