Suppose you have a vulnerable library,
vuln-lib.jar, which then you import into your source code but never really use:
#My imports import com.vuln.lib. * #My code ..
And you are going to deploy this application on a server. Is it possible to exploit a known vulnerability in this library even if your code does not use any of the classes provided by the library as part of the source code? And if so, how would that happen?