In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.
habitica habitica