diff --git a/.gitignore b/.gitignore
index 2fe1cd3e54..64d2e52c9f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,3 +54,6 @@ site/
 venv/
 dist/
+
+# trivy container scanning cache
+.trivycache/
\ No newline at end of file
diff --git a/build/Dockerfile b/build/Dockerfile
index be6525e657..eb7ff8eb3f 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -40,8 +40,8 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode
 --mount=type=secret,id=nginx-repo.key,dst=/etc/ssl/nginx/nginx-repo.key,mode=0644 \
 apt-get update \
 && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates gnupg curl apt-transport-https libcap2-bin \
- # temporary fix for https://security-tracker.debian.org/tracker/CVE-2021-3520
- && apt-get install -y liblz4-1 \
+ # temporary fix for CVE-2021-3520, CVE-2021-33560, CVE-2021-20231, CVE-2021-20305, CVE-2021-20305
+ && apt-get install -y liblz4-1 libgcrypt20 libgnutls30 libhogweed4 libnettle6 \
 && curl -sSL https://cs.nginx.com/static/keys/nginx_signing.key | gpg --dearmor > /etc/apt/trusted.gpg.d/nginx_signing.gpg \
 && curl -sSL -o /etc/apt/apt.conf.d/90pkgs-nginx https://cs.nginx.com/static/files/90pkgs-nginx \
 && printf "%s\n" "Acquire::https::pkgs.nginx.com::User-Agent \"k8s-ic-$IC_VERSION-apt\";" >> /etc/apt/apt.conf.d/90pkgs-nginx \
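Review bot: The new comment in the Dockerfile hunk lists CVE-2021-20305 twice and drops the tracker link, and the `apt-get install -y liblz4-1 libgcrypt20 libgnutls30 libhogweed4 libnettle6` line below it installs unpinned versions, so nothing guarantees the build actually picks up the patched builds of those libraries rather than whatever the mirror serves at build time. Suggest deduplicating the comment and stating when it can go, e.g. `# temporary fix for CVE-2021-3520, CVE-2021-33560, CVE-2021-20231, CVE-2021-20305 — drop once the base image carries the patched packages`, and pinning each package to its fixed Debian version (`libgcrypt20=<FIXED_VERSION>` and so on, placeholder to be filled from the tracker) so the mitigation is reproducible and a stale mirror fails the build instead of silently shipping the vulnerable library. The second install also omits the `--no-install-recommends --no-install-suggests` flags used on the line above; presumably harmless for libraries that are already present, but worth aligning. The enclosing RUN instruction starts before this hunk and continues past it.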