Since Tails is based on Debian, it takes advantage of all the work done by the Debian security team. As quoted from https://www.debian.org/security/:

Debian takes security very seriously. We handle all security problems brought to our attention and ensure that they are corrected within a reasonable timeframe. Many advisories are coordinated with other free software vendors and are published the same day a vulnerability is made public and we also have a Security Audit team that reviews the archive looking for new or unfixed security bugs.

Experience has shown that "security through obscurity" does not work. Public disclosure allows for more rapid and better solutions to security problems. In that vein, this page addresses Debian's status with respect to various known security vulnerabilities, which could potentially affect Debian.

Current security vulnerabilities

Fixed security vulnerabilities

Security hole in I2P 0.9.13
Posted

Other vulnerabilities solved in included applications