Open
Currently the user-specified path could point to any folder, and dotenv will parse it anyway, even if it is a file like /etc/passwd.
The content of the target file would be available in the error message. This could potentially introduce a path traversal vulnerability if the developer misuses it.
```python
from dotenv import dotenv_values

# The path is taken as given: nothing stops ".." from walking out of the
# project directory, so the file below is opened and parsed as a dotenv file.
config = dotenv_values("../../../etc/passwd")
```
I am wondering if it is possible to give dotenv_values an additional argument to control whether it would support relative path searching.
ialarmedalien
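A defensive wrapper for the misuse described in the issue, added here as an example and not code from python-dotenv or from the issue author: it resolves the user-supplied path and rejects it unless it stays inside one allowed directory before `dotenv_values` ever opens it. The names `resolve_env_path`, `load_env_confined`, `UnsafeEnvPath` and the "only files inside the project root" policy are assumptions.

```python
from pathlib import Path


class UnsafeEnvPath(ValueError):
    """Raised when a requested dotenv path escapes the allowed root."""


def resolve_env_path(user_path: str, allowed_root: str) -> Path:
    """Return the real path of user_path if it lies inside allowed_root.

    resolve() collapses ".." segments and follows symlinks before the
    containment check, so "../../../etc/passwd", an absolute path, and a
    symlink inside the root that points outside it are all rejected.
    Only the path is validated here; the file is not opened.
    """
    root = Path(allowed_root).resolve(strict=True)
    # Joining an absolute user_path discards root, which resolve() then
    # reports as outside the root; relative paths are anchored at root.
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise UnsafeEnvPath(f"{user_path!r} resolves outside {root}") from None
    return candidate


def load_env_confined(user_path: str, allowed_root: str) -> dict:
    """Parse a dotenv file only after resolve_env_path has accepted it.

    Assumed policy: the target must be a regular file (no directories or
    device nodes). verbose=False keeps python-dotenv's own informational
    logging about the file switched off.
    """
    from dotenv import dotenv_values  # imported lazily; only needed here

    path = resolve_env_path(user_path, allowed_root)
    if not path.is_file():
        raise UnsafeEnvPath(f"{path} is not a regular file")
    return dict(dotenv_values(dotenv_path=path, verbose=False))


if __name__ == "__main__":
    # Constructed demo: the project directory is the current working directory.
    for requested in (".env", "../../../etc/passwd", "/etc/passwd"):
        try:
            print(requested, "->", resolve_env_path(requested, "."))
        except UnsafeEnvPath as exc:
            print(requested, "-> rejected:", exc)
```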