Menu items displayed in the Browse → Filter… drop-down menu do not get properly escaped. As a result, the ampersand “&” character is treated as a menu item mnemonic: the ampersand is dropped and the following character gets underlined. It is also a kind of an injection vulnerability.

The problem can be reproduced with all user-generated menu items, i.e. tags, note type, and deck names.

OS: Linux.
Version: 2.1.33 (3f403040), Python 3.8.1, Qt 5.15.0, PyQt 5.15.0.

It’s fairly harmless, but thank you for reporting it. I’ve added it to https://github.com/ankitects/help-wanted/issues/20