appsec – Can an application that imports a vulnerable library explode, but does not actually use library classes?

Suppose you have a vulnerable library, vuln-lib.jar, which then you import into your source code but never really use:

#My imports
import com.vuln.lib. *

#My code ..

And you are going to deploy this application on a server. Is it possible to exploit a known vulnerability in this library even if your code does not use any of the classes provided by the library as part of the source code? And if so, how would that happen?

Thank you!