The vulnerable code had a lot of refactors in its lifetime.
A vulnerability with this tag has had at least 10 separate weeks where at least one commit mentioned the word "refactoring" in the commit message.
Refactoring is generally considered to be a good practice to be doing regularly. It indicates regular maintenance and attention. While refactoring doesn't yield new features or fix defects, it greatly reduces the cost of them.
The Vulnerability History Project