diff --git a/.builder-image-version.txt b/.builder-image-version.txt
index f8f3c0872..140333f6d 100644
--- a/.builder-image-version.txt
+++ b/.builder-image-version.txt
@@ -1 +1 @@
-1.0.18
+1.0.19
diff --git a/.github/workflows/main-promote-builder-image.yml b/.github/workflows/main-promote-builder-image.yml
index 37e487101..966f4e633 100644
--- a/.github/workflows/main-promote-builder-image.yml
+++ b/.github/workflows/main-promote-builder-image.yml
@@ -10,7 +10,7 @@ jobs:
     name: Promote Latest tag to Caph Builder Image
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/syself/caph-builder:1.0.18
+      image: ghcr.io/syself/caph-builder:1.0.19
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index 5eb6397c2..43db07425 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -23,7 +23,7 @@ jobs:
     if: github.event_name != 'pull_request_target' || !github.event.pull_request.draft
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/syself/caph-builder:1.0.18
+      image: ghcr.io/syself/caph-builder:1.0.19
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/schedule-scan-image.yml b/.github/workflows/schedule-scan-image.yml
index c064e1df1..4f48d0366 100644
--- a/.github/workflows/schedule-scan-image.yml
+++ b/.github/workflows/schedule-scan-image.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'syself/cluster-api-provider-hetzner'
     container:
-      image: ghcr.io/syself/caph-builder:1.0.18
+      image: ghcr.io/syself/caph-builder:1.0.19
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/images/builder/Dockerfile b/images/builder/Dockerfile
index fa8440464..ac224c219 100644
--- a/images/builder/Dockerfile
+++ b/images/builder/Dockerfile
@@ -17,7 +17,7 @@
 # If you make changes to this Dockerfile run `make builder-image-push`.
 
 # Install Lychee
-FROM docker.io/library/alpine:3.20.0@sha256:216266c86fc4dcef5619930bd394245824c2af52fd21ba7c6fa0e618657d4c3b AS lychee
+FROM docker.io/library/alpine:3.20.2@sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78 AS lychee
 # update: datasource=github-tags depName=lycheeverse/lychee versioning=semver
 ENV LYCHEE_VERSION="v0.15.1"
 # hadolint ignore=DL3018
@@ -28,7 +28,7 @@ RUN apk add --no-cache curl && \
     rm -rf /tmp/linux-amd64 /tmp/lychee-${LYCHEE_VERSION}.tgz
 
 # Install Golang CI Lint
-FROM docker.io/library/alpine:3.20.0@sha256:216266c86fc4dcef5619930bd394245824c2af52fd21ba7c6fa0e618657d4c3b AS golangci
+FROM docker.io/library/alpine:3.20.2@sha256:eddacbc7e24bf8799a4ed3cdcfa50d4b88a323695ad80f317b6629883b2c2a78 AS golangci
 # update: datasource=github-tags depName=golangci/golangci-lint versioning=semver
 ENV GOLANGCI_VERSION="v1.59.1"
 WORKDIR /
@@ -40,7 +40,7 @@ RUN apk add --no-cache curl && \
 FROM docker.io/hadolint/hadolint:v2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42 AS hadolint
 
 # Install Trivy
-FROM docker.io/aquasec/trivy:0.52.1@sha256:fccab5c313e08e38c12ee4331641de03ac2f8824fd6d41b7dd9ee1a6c2d3680b AS trivy
+FROM docker.io/aquasec/trivy:0.53.0@sha256:8082d8d128f3e39d28a7df824e43c655d764ca76a19b096968b5c3a1906f14a0 AS trivy
 
 ############################
 # Caph Build Image Base #