Prevent svg file uploads (restrict photos to just jpg / png)

How do I prevent users from uploading potentially malicious files (e.g. svg files, which can contain executable scripts) as a photo. I can't find anywhere the settings on which file types are allowed to be uploaded - I'm concerned there may not be any restrictions at all!!! I only want them to be able upload simple image files such as jpg / png as these are definitely safe.