Menu items displayed in the Browse → Filter… drop-down menu do not get properly escaped. As a result, the ampersand “&” character is treated as a menu item mnemonic: the ampersand is dropped and the following character gets underlined. It is also a kind of an injection vulnerability.
The problem can be reproduced with all user-generated menu items, i.e. tags, note type, and deck names.
Version: 2.1.33 (3f403040), Python 3.8.1, Qt 5.15.0, PyQt 5.15.0.