The Therac-25 Incident (2021)

The MCAS related bugs @ Boeing led to 300+ deaths, so it's probably a contender.

Was that a bug or a failure to inform pilots about a new system?

Both - and really MCAS was fine but the issue was the metering systems (Pitot tubes) and the handling of conflicting data. That part of the puzzle was definitely a bug in the logic/software.

In the same vein one could argue that Therac-25 was not actually a software bug but a hardware problem. Interlocks, that could have prevented the accidents and that where present in earlier Therac models, were missing. The software was written with those interlocks in mind. Greedy management/hardware engineers skipped them for the -25 version.

It's almost never just software. It's almost never just one cause.

Just to point it out even clearer - there's almost never a root cause.

Remember the Airbus that crashed in the middle of the Atlantic because one of the pilots kept pulling on his yoke, and the computer decided to average his input with normal input from the other pilot?

Conflict resolution in redundant systems seems to be one of the weakest spots in modern aircraft software.

I would say plenty of both. They obviously had to inform the pilots, but the way the system didn't reset permanently after 2-3 (whatever) sessions of "oh, the pilot trimmed manually, after 10 seconds we keep doing the same thing" was a major major logic blunder. Failure all across the board, if only from the perspective of end-to-end / integration testing if nothing else.

Worryingly, e2e / full integration testing was also the main cause of other Boeing blunders, like the Starliner capsule.

That wasn't a bug.

They deliberately designed it to only look at one of the Pitot tubes, because if they had designed it to look at both, then they would have had to implement a warning message for conflicting data.

And if they had implemented a warning message, they would have had to tell the pilots about the new system, and train them how to deal with it.

It wasn't a mistake in logic either. This design went through their internal safety certification, and passed.

As far as I'm aware, MCAS functioned exactly as designed, zero bugs. It's just that the design was very bad.

Not a bug. A non airworthy plane they tried to patch up with software.

The plane was perfectly airworthy without MCAS, that was never the issue. The issue was it handled differently enough at high angles of attack to the 737NG that pilots would've needed additional training or possibly a new type rating without MCAS changing the trim in this situation. The competition (Airbus NEO family) did not need this kind of new training for existing pilots, so airlines being required to do this for new Boeing but not Airbus planes would've been a huge commercial disadvantage.

[edit as I can't reply to the child comment]: The FAA and EASA both looked into the stall characteristics afterwards and concluded that the plane was stable enough to be certified without MCAS and while it did have more of a tenancy to pitch up at high angles of attack it was still an acceptable amount.

I may have understood wrong but thought is possible to get into an unrecoverable stall?

Air France 447: https://en.m.wikipedia.org/wiki/Air_France_Flight_447

Inputs were averaged, but supposedly there’s at least a warning: Confused, Bonin exclaimed, "I don't have control of the airplane any more now", and two seconds later, "I don't have control of the airplane at all!"[42] Robert responded to this by saying, "controls to the left", and took over control of the aircraft.[84][44] He pushed his side-stick forward to lower the nose and recover from the stall; however, Bonin was still pulling his side-stick back. The inputs cancelled each other out and triggered an audible "dual input" warning.

It wasn't pitot tubes that had the hardware problem, it was the angle of attack sensor. The software was poorly designed to believe the input from just one fallible angle of attack sensor.