diff --git a/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx b/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx
index c98b05d4d510..8f7b4dfbe594 100644
--- a/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx
+++ b/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx
@@ -44,7 +44,10 @@ RUN pip install -U \
 	boto3 \
 	botocore \
 	google-auth \
-	"urllib3>=1.26.17,<1.27"
+	"urllib3>=1.26.17,<1.27" \
+	"protobuf>=4.25.8" \
+	"regex>=2025.2.10" \
+	"transformers>=4.52.1"
 
 RUN pip install "peft==0.14.0"
 
diff --git a/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.py_scan_allowlist.json b/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.py_scan_allowlist.json
index af7871144e13..58b7b817e5d0 100644
--- a/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.py_scan_allowlist.json
+++ b/huggingface/pytorch/training/docker/2.1/py3/sdk2.20.0/Dockerfile.neuronx.py_scan_allowlist.json
@@ -18,5 +18,7 @@
     "72394": "[pkg: mlflow] Required by sagemaker. advisory='Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.', reason_to_ignore='N/A', spec='>=1.27.0'",
     "73889": "[pkg: werkzeug] Required by sagemaker. advisory='Affected versions of Werkzeug are potentially vulnerable to resource exhaustion when parsing file data in forms.', reason_to_ignore='N/A', spec='>=3.0.6'",
     "73969": "[pkg: werkzeug] Required by sagemaker. advisory='Affected versions of Werkzeug are vulnerable to Path Traversal (CWE-22) on Windows systems running Python versions below 3.11.', reason_to_ignore='N/A', spec='>=3.0.6'",
-    "72809": "[pkg: gunicorn] A vulnerability in Gunicorn allowed the TolerateDangerousFraming setting to process conflicting headers (Transfer-Encoding and Content-Length) and dangerous characters in HTTP header fields.', reason_to_ignore='N/A', spec='>=23.0.0'"
+    "72809": "[pkg: gunicorn] A vulnerability in Gunicorn allowed the TolerateDangerousFraming setting to process conflicting headers (Transfer-Encoding and Content-Length) and dangerous characters in HTTP header fields.', reason_to_ignore='N/A', spec='>=23.0.0'",
+    "77680": "Requests is an HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.",
+    "77744": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0."
 }