Age old problem.
Because unless someone remembers to update every Docker image on a regular schedule, it's just going to be out of date.
But if they do, it's going to screw lots of people over if there are changes / bugs beyond the security update, people who would have been working fine without the update.
Docker is really just a bunch of "other people's VM's" in essence, anyway. It's no more secure than anything else, because of that.
You'd think there'd be some kind of automated dependency/security tool by now that realises that a dependency is out of date, updates it and rebuilds everything that was reliant on it (or contains an unannounced copy of it, which is far more likely!). But no.
Docker - like all similar containerisation technologies - just pushes software updates behind another layer of obscurity and complexity, it doesn't actually fix them.