Docker containers are widely used in modern enterprise applications and cloud environments for their efficiency, portability, and rapid deployment. As a leading containerization technology, Docker enables applications to be stored as images containing all required runtime dependencies. Nonetheless, the growing popularity of containers has also raised security concerns as the libraries and dependencies included in Docker images can contain security vulnerabilities. Previous research has predominantly focused on operating system vulnerabilities, with some investigations into application vulnerabilities originating from vulnerable dependencies. However, these studies have focused solely on the latest tag (version) of each Docker image repository, without offering insights into the prevalence and potential resolution of vulnerabilities across different releases. This limitation restricts our understanding of how effectively they are managed over time. In this study, we investigate the prevalence of vulnerable JavaScript packages within Docker containers across multiple tags. Our time-based analysis enables us to assess the extent to which maintainers resolve these vulnerabilities in subsequent releases, as well as the time required to address them. We analyzed 6,292 unique images gathered from 1,573 active repositories. Our findings indicate that the majority of Docker images containing JavaScript code exhibit multiple vulnerabilities. Two-thirds of these vulnerabilities originate from transitive dependencies, which are not accounted for by Docker’s vulnerability scanning tool, Docker Scout. While some of these vulnerabilities are addressed by maintainers in subsequent releases, many remain unaddressed within our observation timeframe. Moreover, we found that only 10% of vulnerabilities are typically addressed within the first 6 months, leaving many unattended for considerably longer durations.