Tianocore EDK2 security advisory page has been updated, for the first time since 2016! It looks like a single entry:
27. UEFI Variable Deletion/Corruption
Description: Input validation error in MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs.
Recommendation: This update improves input validation by firmware and is strongly recommended. For firmware development projects, incorporate the updates in https://github.com/tianocore/edk2-platforms/tree/devel-MinnowBoard3-UDK2017. When using MinnowBoard 3, update to version 0.65 or later. Updated firmware is available at https://firmware.intel.com/projects/minnowboard3
Acknowledgments: Reported by Intel.
The referenced CVE is still empty, hopefully someone at Intel/MITRE/NIST is going to take care of that sometime.