Tianocore Security Advisory 27: Minnowboard UEFI Variable Deletion/Corruption

The Tianocore EDK2 security advisory page has been updated for the first time since 2016! It looks like a single entry:

https://edk2-docs.gitbooks.io/security-advisory/content/

27. UEFI Variable Deletion/Corruption

Description: Input validation error in MinnowBoard 3 Firmware versions prior to 0.65 allows a local attacker to cause denial of service via UEFI APIs.

Recommendation: This update improves input validation by firmware and is strongly recommended. For firmware development projects, incorporate the updates in https://github.com/tianocore/edk2-platforms/tree/devel-MinnowBoard3-UDK2017. When using MinnowBoard 3, update to version 0.65 or later. Updated firmware is available at https://firmware.intel.com/projects/minnowboard3

Acknowledgments: Reported by Intel.

References: CVE-2017-5699

The referenced CVE is still empty; hopefully someone at Intel/MITRE/NIST is going to take care of that sometime.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5699
https://nvd.nist.gov/vuln/detail/CVE-2017-5699

 
